How to properly enable Tamper Protect when the Carbon Black EDR sensor and Carbon Black App Control agent are both installed on the same endpoint.

• EDR Sensor: All Supported Versions
• App Control Agent: All Supported Versions
• Microsoft Windows: All Supported Versions

1. Log in to the App Control Console and navigate to Rules > Software Rules > Rapid Configs.
2. Verify the Rapid Config, "Carbon Black EDR Tamper Protection" has been Disabled.
3. Configure Tamper Protection for each product separately:
   1. App Control: Disable/Enable Tamper Protection for App Control
   2. EDR: User Guide > Managing Sensors > Tamper Protection of Windows Sensors

• Enabling the Rapid Config in App Control when Tamper Protection is already enabled in EDR is not recommended, and does not provide extra protection.
• The App Control Rapid Config is designed to be used only when EDR Tamper Protection cannot be.
• Any Windows sensor in a Sensor Group that has Tamper Protection applied but does not meet the minimum OS requirements will default to Tamper Detection.
• Requirements for EDR Windows Tamper Protection:
  • Minimum OS Versions of Windows 10 v1703 (Desktop) or Windows Server v1709 (Windows build 15163)
  • Minimum Carbon Black EDR versions of v7.2.0 Windows EDR sensor and
  • v7.4.0 Carbon Black EDR Server