App Control:“Resend All Policy Rules” Does Not Fully Replace Configlist
search cancel

App Control:“Resend All Policy Rules” Does Not Fully Replace Configlist


Article ID: 287029


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • After performing "Resend All Policy Rules" on an Agent, the Agent still has some old policy rules and meters in place.


  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions


  • Not all of the old policies and meters on the Agent(s) were successfully purged and updated


From the Console
  1. Navigate to https://<Servername>/shepherd_config.php
  2. Find property "EnableConfigListFullImport" (8.5 and prior agent versions check additional notes)
  3. Set property to "true"
  4. Re-send policy rules on affected device(s)
  1. Obtain a copy of configlist.xml from the servers install directory
    • (Default location is C:\Program Files (x86)\Bit9\ParityServer\configxml)
  2. Open an admin CMD prompt
  3. Run commands:
    CD C:\Program Files (x86)\Bit9\Parity Agent
    dascli password <cli-password>
    dascli importconfiglist <Path>configlist.xml full now

Additional Information

  • Shepherd Config EnableConfigListFullImport is not working as expected in 8.5 and prior agent versions, the issue is resolved in 8.6 and 8.7 Agent Version
  • If the device shows a status of "Red" or "Reboot Required":
    1. Navigate to Assets> Computers
    2. Find the device in question and go into it's "computer details"
    3. Navigate to Advanced > Other Actions > Restart Service (this will clear the reboot warning)
  • The "full" and "now" switches used in the importconfiglist command will clean out all the config and policy information from the agent and update it immediately from the provided file
  • Achieve this by reinstalling the agent, this will cause the agent to reinitialize however