
Endpoint Standard: How to Install Windows Sensors using SCCM


Environment

  • Endpoint Standard (formerly CB Defense): All Versions
  • Microsoft Windows: All Supported versions
  • System Center 2012 Configuration Manager (SCCM)

Objective

How to deploy Endpoint Standard using SCCM.

Resolution

Add Cb Defense Sensor Application 

  1. Open SCCM Configuration Manager. 
  2. In the Software Library select Overview > Application Management > Applications
  3. Right Click on Applications and Select "Create Application" 
  4. On the General Page select "Automatically detect information about this application from installation files:"
  5. Type: Windows Installer (*.msi file)
  6. Location: Accessible share that contains the Sensor msi file 
  7. Then Select "Next" 
  8. On the Import Information Page there should be a message that says "Application information successfully imported from the Windows Installer"
  9. Select "Next" 
  10. On the General Information Page, add the required COMPANY_CODE install parameter and the /L*vx C:\pathname\msi.log parameter so that the verbose MSI install log is created in your specified location. Any other optional command options specified in "Carbon Black Cloud: How to Perform an Unattended Installation of the Windows Sensor" can also be added at this point.
  11. Select "Next" 
  12. On the Summary Page select "Next" 
  13. On the Completion Page Select "Close" 
  14. Right Click on the "Cb Defense Sensor Application" you just added and select "Properties" 
  15. Select the "Deployment Type" tab 
  16. Select the "Deployment Type" you have configured for Cb Defense  
  17. Select "Edit" 
  18. Select the "Programs" tab. If "Require code to uninstall sensor" is enabled on the Policy and you want the option of uninstalling the sensor using SCCM, change the uninstall command from msiexec /x "installer_vista_win7_win8-xx-x.x.x.xxxx.msi" to %ProgramFiles%\Confer\uninstall.exe /uninstall <Company Deregistration Code>
  19. Select the "Detection Method" tab 
  20. Select the "Detection rule" configured 
  21. Select "Edit Clause" 
  22. Change the "Setting Type" to "File System" 
  23. Set Path to %ProgramFiles%\Confer, File or Folder name to RepUx.exe
  24. Select "The file system setting must satisfy the following rule to indicate the presence of this application"
    Configure MSI Property "Version", Operator "Greater than or equal to", and Version should be the currently installed Cb Defense sensor version.
  25. Select "OK" to save changes to the Detection Rule
  26. Select "OK" to save changes to the Detection Method
  27. Select "OK" to save changes to the Deployment Type

 

Deploy Cb Defense Sensor Application

  1. Right click on the "Cb Defense Sensor Application" and select "Deploy" 
  2. On the General Page select "Browse" for the Collection field 
  3. From the drop down choose "Device Collections" and choose a collection of devices to deploy to 
  4. Select "Next"  
  5. On the Content Page select "Add" to add a Distribution point then select "Next" 
  6. On the Deployment Settings page select Action "Install", Purpose "Required", and "Next" 
  7. On the Scheduling Page choose deployment schedule and select "Next" 
  8. On the User Experience Page choose preferences and select "Next" 
  9. On the Alerts Page choose preferences and select "Next" 
  10. Review the Summary Page to confirm settings are correct and select "Next" 
  11. On the Completion Page select "Close" 

 

Verify Cb Defense Sensor Application was deployed

  1. To verify that the application was deployed successfully on the SCCM Configuration Manager, select the Cb Defense Sensor Application and check compliance status on the "Deployments" tab (NOTE: Completed or unwanted deployments can be removed from this tab)
  2. To verify that the application was deployed successfully on the device open the "Software Center" and check the Installation Status or Installed Software tabs 

Additional Notes

Please note many Microsoft operating systems are no longer supported through SCCM / Configuration Manager - notably Server 2003, 2008 and some variants of Windows 7. See this document for the full list: Deprecated for clients - Configuration Manager

Do not forget to add detection logic to your job to prevent the sensor from being over installed and causing duplicate entries. 

When you introduce an SCCM job for a new sensor install do not forget to stop or delete any jobs for older sensor installs.
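
The detection rule from steps 19-24, and the note above about detection logic, can also be expressed as a script-based detection method. The following PowerShell is an added example, not part of the original article or the vendor's tooling; the function name is hypothetical, `$MinimumVersion` is a placeholder to set to the sensor version being deployed, and it assumes the sensor lives under the native (64-bit) Program Files folder.

```powershell
# Added example: script detection method for the sensor application.
# Configuration Manager reads the result as: exit code 0 with text on STDOUT
# = installed; exit code 0 with no output = not installed.

# Placeholder: replace with the sensor version this deployment installs.
$MinimumVersion = [version]'0.0.0.0'

# Detection scripts may run as a 32-bit process on 64-bit Windows, where
# %ProgramFiles% points at "Program Files (x86)". ProgramW6432 always names
# the native folder on 64-bit systems and is absent on 32-bit systems.
$programFiles = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }

# Folder and file name come from the detection rule in the article.
$SensorExe = Join-Path $programFiles 'Confer\RepUx.exe'

function Test-SensorInstalled {
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $Minimum
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $false
    }
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from its numeric parts; the FileVersion string can
    # contain extra text that does not parse as a version.
    $found = New-Object System.Version(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)
    return ($found -ge $Minimum)
}

try {
    if (Test-SensorInstalled -Path $SensorExe -Minimum $MinimumVersion) {
        # Any STDOUT text marks the application as present, so the client
        # skips the install instead of running it again.
        Write-Output "Installed"
    }
} catch {
    # Stay silent on errors so the result is "not installed", not a failure.
}
exit 0
```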

Article Information
Creation Date: 09-24-2018