App Control: Blocks When Server/Console Is Down or Unavailable
book
Article ID: 288373
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Server/App Control console is down or unavailable
Wanting to avoid or circumvent blocks on endpoint(s) while server is down
Environment
App Control Agent (formerly CB Protection): All Supported Versions
App Control Console (formerly CB Protection): All Supported Versions
Microsoft Windows: All Supported Versions
Cause
Planned or unplanned downtime of the App Control Server/Console
Resolution
Planned Downtime Options (from the console):
Change the "Disconnected Enforcement Level" to Medium or Low Enforcement
Login to the Console
Navigate to Rules > Policies
Click to edit each desired policy
Change "Enforcement Level (Disconnected)" to Low or Medium
Revert when downtime is complete
Put the devices into local approval mode
Login to the Console
Navigate to Assets > Computers
Select computer(s) > Action > Move to Local Approval
Revert when downtime is complete
Unplanned Downtime (Manually):
Place the device into low/med enforcement or into local approval mode
Login to the affected device
Open admin CMD prompt
Run commands:
cd c:\program files (x86)\bit9\parity agent
dascli password <Password>
dascli enforcement low (or med)
dascli status (confirm enforcement level)
Restart endpoint or CB Protection agent service to revert enforcement level.
Put the device(s) into local approval mode:
Login to the affected device
open admin CMD prompt
Run commands:
cd c:\program files (x86)\bit9\parity agent
dascli password <Password>
dascli disconnect
dascli enforcement 35
dascli status (confirm enforcement level shows local approval)
After the server is back up :
Run the command:
cd c:\program files (x86)\bit9\parity agent dascli password <Password>
dascli disconnect
OR - Restart endpoint or App Control agent service to revert enforcement level.
Confirm the agent is back to being connected and in the correct enforcement mode by running the command
dascli status
Additional Information
Lowering the enforcement level or changing to local approval does come with risk. Refer to the User Guide for more information.
Transitioning from Low Enforcement back to High enforcement can locally approval all unapproved files depending on policy setting. Refer to the User Guide for more information.