EDR: Does the Linux Kernel Need to Match the OER Grid Exactly?
search cancel

EDR: Does the Linux Kernel Need to Match the OER Grid Exactly?

book

Article ID: 287631

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Can the Carbon Black Linux sensor be installed on EL 8 if the kernel does not match the OER "Supported Linux Operating Systems and Respective Sensors" grid?

Environment

  • EDR Linux Sensor:  7.x

Resolution

Yes, usually if it is a minor discrepancy.  The Cb sensor uses kernel version agnostic technology (eBPF) and should work properly.  

Additional Information

  • For example, if the grid states RHEL 8.8, kernel 4.18.0-477.10.1 supports Cb Sensor version 7.1.2 - 7.2.0, does it also support 4.18.0-477.27.1?  Yes.
  • If the kernel version is not listed in the OER grid and there are issues, please open a Support case.
  • Quick additional troubleshooting checks:
* Confirm the kernel packages (kernel, kernel-devel, kernel-headers) versions match.
* After an upgrade, occasionally the sensor requires a reboot.  This is due to the interaction with other software installed.
* Confirm other security products installed are allowing the Carbon Black sensor to run. (KB below)
* In rare cases, consider uninstalling the current Cb sensor completely, then re-installing.

 


 
Powered by Wolken Software