App Control: Blocks When Server/Console Is Down or Unavailable

Article ID: 288373

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Server/App Control console is down or unavailable
  • Wanting to avoid or circumvent blocks on endpoint(s) while server is down

Environment

  • App Control Agent (formerly CB Protection): All Supported Versions
  • App Control Console (formerly CB Protection): All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

Planned or unplanned downtime of the App Control Server/Console

Resolution

Planned Downtime Options (from the console):
  1. Change the "Disconnected Enforcement Level" to Medium or Low Enforcement
    1. Log in to the Console
    2. Navigate to Rules > Policies
    3. Click to edit each desired policy
    4. Change "Enforcement Level (Disconnected)" to Low or Medium
    5. Revert when downtime is complete
  2. Put the devices into local approval mode
    1. Log in to the Console
    2. Navigate to Assets > Computers
    3. Select computer(s) > Action > Move to Local Approval
    4. Revert when downtime is complete
Unplanned Downtime (Manually):
  1. Place the device into low/med enforcement or into local approval mode
    1. Log in to the affected device
    2. Open an admin CMD prompt
    3. Run commands:
      cd c:\program files (x86)\bit9\parity agent
      dascli password <Password>
      dascli enforcement low  (or med)
      dascli status (confirm enforcement level)
    4. Restart endpoint or CB Protection agent service to revert enforcement level.
  2. Put the device(s) into local approval mode:
    1. Log in to the affected device
    2. Open an admin CMD prompt
    3. Run commands:
      cd c:\program files (x86)\bit9\parity agent
      dascli password <Password>
      dascli disconnect
      dascli enforcement 35
      dascli status (confirm enforcement level shows local approval)
    4. After the server is back up:
      1. Run the commands:
        cd c:\program files (x86)\bit9\parity agent
        dascli password <Password>
        dascli disconnect
      2. OR - Restart endpoint or App Control agent service to revert enforcement level.
    5. Confirm the agent is connected again and in the correct enforcement mode by running the command:
      dascli status

Additional Information

  • Lowering the enforcement level or changing to local approval comes with risk. Refer to the User Guide for more information.
  • Transitioning from Low Enforcement back to High Enforcement can locally approve all unapproved files, depending on the policy setting. Refer to the User Guide for more information.