App Control: Does Updating the Rules Installer on the Console Result in a Cache Consistency Check on the Endpoints?
search cancel

App Control: Does Updating the Rules Installer on the Console Result in a Cache Consistency Check on the Endpoints?

book

Article ID: 286685

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Does updating the Rules Installer on the App Control Server result in a Cache Consistency Check on the endpoints?

Environment

  • App Control Server: All Supported Versions
  • App Control Rules Installer: All Supported Versions

Resolution

Yes, the Rules Installer typically contains Yara Rule updates that must be pushed to the Agents. These Yara Rule updates will require a Cache Consistency Check (CC3) in order for the new Yara Rules to be correctly applied to existing files on the endpoint.

Additional Information

  • The CC3 will scan all files on the endpoint and apply the new Yara Rules against all existing files. This is similar to the Initialization process on the endpoints.
  • The CC3 should not be avoided entirely, and must be run in order for the new Rules to be applied on existing files.
  • If necessary the CC3 could be delayed by temporarily using the agent_config value: cc3_on_yara_rule_change=0
Powered by Wolken Software