Methods To Install an App Control Agent
search cancel

Methods To Install an App Control Agent

book

Article ID: 286750

calendar_today

Updated On: 04-04-2025

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to install an App Control Agent

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows OS: All Supported Versions
  • macOS: All Supported Versions

Resolution

Table of Contents

Windows

IMPORTANT: Legacy Windows (XP, 7, 2003, 2008) installs require specific steps!

 

Method 1: Using the Policy Installer (Preferred)

  1. Navigate to https://ServerAddress/hostpkg/ to download the relevant Policy Installer MSI file.
  2. Confirm if Registration Codes are enabled or not.
  3. Use an administrative command prompt to issue the relevant command:
    • If Registration Codes are disabled: 
      msiexec.exe /i "C:\Path\To\PolicyInstaller.msi" /qn /norestart /L*v "C:\Temp\AgentInstall.log"
    • If Registration Codes are enabled: 
      msiexec.exe /i "PolicyInstaller.msi" B9_REGISTRATION_CODE=registrationcodegoeshere /qn /norestart /L*v "C:\Temp\AgentInstall.log"

Method 2: Using the Unbranded Installer

Manually with Server.conf (XP/2003 Installs)

  1. Verify Zip Package Generation is enabled (Requires Server 8.9.0+):
    1. Navigate to https://ServerAddress/shepherd_config.php
    2. Verify the Property GenerateWindowsHostGroupZipPackage is set to: true
  2. Download the relevant Policy.zip file to the endpoint.
    1. Navigate to https://ServerAddress/hostpkg and download the relevant zip file (Ex: Production-LowEnforcement.zip)
    2. Extract the contents to a temporary location. (Ex: C:\Temp\Production-LowEnforcement\)
    3. Execute the relevant installation file
      • Windows XP/2003: ParityHostAgent_SHA1.msi must be used. XP and 2003 do not support the SHA256 signed version.
      • All other Windows Versions: ParityHostAgent.msi

Manually with ParityHostAgent.msi

  1. Gather "ParityHostAgent.msi" and "configlist.xml" files from the App Control servers hostpkg folder
    • The default location is C:\Program Files (x86)\Bit9\Parity Server\hostpkg)
    • The unencrypted version of configlist.xml is required. Using configlist.xml.egk or configlist.xml.enc will result in a failed install attempt.
  2. Gather the necessary details:
    • B9_SERVER_IP: This needs to match the  "Server Address" listed in the console under System Configuration (gear icon) > general tab
    • B9_SERVER_PORT: This must match the "Server Port" mentioned in System Configuration > general tab
    • B9_SERVER_ID: This is found by navigating to https://yourconsole/support.php > Advanced Configuration > Server ID field
    • B9_CONFIG: This will be the path to the configlist.xml that you copied
    • B9_HOSTGROUP: This value will be the name of the policy you want to assign it to after install, policy name should be in quotes.
    • Optional Configs
      • B9_REGISTRATION_CODE (8.9.2+) Confirm if Registration Codes have been enabled. If so, this must have a valid code specified.
      • B9_ENABLE_SERVICE_PROTECTION (8.10.0+) Disable PPL during install
  3. Open and admin CMD Prompt and run the relevant command. Example: 
    msiexec /i "C:\Temp\ParityHostAgent.msi" B9_SERVER_IP=Eaxmple.com B9_SERVER_PORT=41002 B9_SERVER_ID={b9}ServerIdcodehere... B9_CONFIG="C:\Temp\configlist.xml" B9_HOSTGROUP="Corp Low Policy" B9_REGISTRATION_CODE=registrationcodegoeshere B9_ENABLE_SERVICE_PROTECTION=0 /L*v "C:\Temp\AgentInstall.log"

macOS

  1. Navigate to https://ServerAddress/hostpkg and download the relevant macOS install package.
  2. Open the Disk Image file (Ex: policyname-mac.dmg) and execute the pkg installation file inside it.
  3. Respond to the installation dialog prompts and when the dialog indicates the installation was successful, click Close.
  4. Open Security Preferences (System Preferences > Security & Privacy > Privacy)
  5. Verify Full Disk Access is allowed, and the following System Extensions are Allowed & Unblocked:
    • appc_es_extension
    • b9notifier
    • b9daemon
  6. Reboot the endpoint.

More detailed instructions and Jamf Deployment instructions, are available in the macOS Agent Installation Guide.

Linux

  1. Navigate to https://ServerAddress/hostpkg and download the relevant Linux install package.
  2. Extract the Agent installer: 
    tar -xvzf <policyname>-Red Hat.tgz
    • Note: If the Policy name contains characters not accepted in command arguments, such as spaces or parentheses, escape each character with a backslash.
  3. Change to the directory matching the download tarball name: 
    cd <policyname>-Red Hat
    • Note: App Control Server versions 8.9.0 and lower will require the attached GPG key bit9cs_sha2.asc in the same folder as b9install.sh.
  4. Validate the b9install script against the Public Key and Detached Signature with the following commands: 
    gpg –-dearmor bit9cs_sha2.asc
gpg --no-default-keyring --homedir . --keyring bit9cs_sha2.asc.gpg --verify b9install.asc b9install.sh
    • Note: The result should return similar: gpg: Good signature from "build (carbonblack)"
  5. Install the Agent: 
    With Notifier: sudo sh ./b9install.sh
Without Notifier: sudo sh ./b9install.sh –n

Notes:

  • This procedure (and any installation involving b9install.sh) should be used only when the Linux Agent is otherwise fully removed from the endpoint.
  • If using Secure Boot, please follow these instructions instead:

Attachments

20413_bit9cs_sha2.asc.zip get_app
Powered by Wolken Software