Methods to Upgrade the App Control Agent
Article ID: 286512
Updated On: 01-06-2025
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Methods to upgrade the App Control agent
Environment
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
- macOS: All Supported Versions
- Linux: All Supported Versions
Resolution
Table of Contents
All Platforms (Automatic Upgrades via Console)
| ATTENTION! When a new Agent Installer is uploaded to the Server, the global option to upgrade Agents (manually or automatically) via the Console is automatically turned off. Before turning this feature on verify which Policies are configured to start Automatic Upgrades or those which are not, and adjust accordingly. |
Verify Policy Configuration
- Navigate to Rules > Policies.
- Click Show Columns and add the relevant Column name:
- Server 8.10.0 and higher: Automatically Upgrade Agents
- Server 8.9.x or earlier: Allow Upgrades
- Edit the relevant Policies accordingly to disable or enable automatic upgrades per-Policy.
Enable Console Upgrades
- Navigate to Settings > System Configuration > Advanced Options > Edit.
- Locate the section: Carbon Black App Control Agent:
- Server 8.10.0 and higher: Automatic Agent Upgrades
- Server 8.9.x or earlier: Allow Agent Upgrades
- Choose Enabled and click Save.
Starting Agent Upgrades
- Manually upgrading individual Agents
- Navigate to Assets > Computers
- Check the box for the relevant Computer(s)
- Action > Upgrade Computers
- Automatically upgrading all Agents in a Policy
- Navigate to Rules > Policies > Edit the relevant Policy
- Check the box for Automatically Upgrade Agents (or Allow Upgrades)
Windows
Manual Upgrade via Command Line (Major version)
|
A Major version upgrade requires the install flag "msiexec /i" be used when the product GUID changes (e.g. from 8.9 to 8.10). Please check the Agent Product GUID to verify if it has changed. |
- Log in to the App Control Server > Open Windows Explorer > Navigate to: \Program Files (x86)\Bit9\Parity Server\hostpkg
- Copy the file ParityHostAgent.msi to a location that is accessible to the endpoint being upgraded
- Alternatively, grab the file from the App C download URL: https://AppCserver/hostpkg/pkg.php?pkg=ParityHostAgent.msi
- Open Command Line as Admin and execute:
msiexec /i "C:\Path\To\ParityHostAgent.msi" /qn /L*v+ "C:\Temp\AgentUpgrade.log"
Manual Upgrade via Command Line (Minor version)
|
A Minor version upgrade requires the repair flag "msiexec /fvamus" be used when the product GUID does not change (e.g. from 8.9.4 to 8.9.6). Please check the Agent Product GUID to verify if it has not changed. |
- Log in to the App Control Server > Open Windows Explorer > Navigate to: \Program Files (x86)\Bit9\Parity Server\hostpkg
- Copy the file ParityHostAgent.msi to a location that is accessible to the endpoint being upgraded
- Alternatively, grab the file from the App C download URL: https://AppCserver/hostpkg/pkg.php?pkg=ParityHostAgent.msi
- Note: Do not rename ParityHostAgent.msi (this will cause "Error determining package source type")
- Open Command Line as Admin and execute:
msiexec /fvamus "C:\Path\To\ParityHostAgent.msi" /qn /L*v "C:\Temp\AgentUpgrade.log"
Upgrades via 3rd Party Utilities
|
NOTES:
|
- If allow_upgrade is not set via Agent Config, use the following commands to authenticate with the Agent and set manually:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalCLIPassword
dascli setconfigprop allow_upgrade=1 - Use an administrative command prompt to with the relevant Major or Minor upgrade command (depending on whether the Product GUID has changed):
Major Upgrade (Different GUID):
msiexec /i "C:\Path\To\ParityHostAgent.msi" /qn /L*v+ "C:\Temp\AgentUpgrade.log"
Minor Upgrade (Same GUID):
msiexec /fvamus "C:\Path\To\ParityHostAgent.msi" /qn /L*v "C:\Temp\AgentUpgrade.log" - Disable the Agent Config for allow_upgrade, or if set manually adjust accordingly:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password InsertCLIPasswordHere
dascli setconfigprop allow_upgrade=0
macOS
Manual Upgrade via Terminal
- Log in to the App Control Server.
- In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
- Copy the upgrade file Bit9MacInstall.bsx to a location that is accessible to the endpoint being upgraded
- From terminal issue the commands:
cd /Applications/Bit9/tools
./b9cli --password InsertCLIPasswordHere
./b9cli --tamperprotect 0
cd ~/Downloads
sudo bash Bit9MacInstall.bsx - Re-enable tamper protection after the upgrade completes:
./b9cli --tamperprotect 1
Linux
Manual Upgrade via Terminal
- Log in to the App Control Server.
- In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
- Copy the upgrade file Bit9RedHat{6,7,8 or 9}Install.bsx to a location that is accessible to the endpoint being upgraded
- From terminal issue the commands:
cd /opt/bit9/bin
./b9cli --password InsertCLIPasswordHere
./b9cli --tamperprotect 0
sudo bash Bit9Redhat{6,7,8,9}Install.bsx - Re-enable tamper protection after the upgrade completes:
./b9cli --tamperprotect 1
Additional Information
- By default the App Control Server will attempt to upgrade 1 Agent every 10 seconds when Automatic Upgrades is enabled.
- On average, total upgrade pacing is ~360 per hour assuming no errors occur. This pacing helps prevent unnecessary load on the App Control Server.
- More information can be found in the Agent Installation Guide.
- Whenever a new Agent package is uploaded, the newest version of the Policy Installer files should be used for Agent installs.
- If the Resource Download Location (by default: https://YourServer/hostpkg) is available to the endpoints, the URL can be used for the file paths:
msiexec /i /qN "https://YourServer/hostpkg/pkg.php?pkg=ParityHostAgent.msi" B9_CONFIG="https://YourServer/hostpkg/pkg.php?pkg=configlist.xml" /L*v+ "C:\Temp\AgentUpgrade.log"
Feedback
Yes
No
Powered by
