Avoiding Duplicate Sensor ID's When Imaging or Using VDI
Article ID: 289650
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
How to avoid duplicate sensor ID's when registering sensors against the CB Cloud
Environment
- CB Cloud Windows Sensor: Versions older than 3.8.0.535
- CB Cloud Linux Sensor: Versions older then 2.12
- Microsoft Windows: All supported versions
- Linux: All supported versions
Resolution
Upgrade to sensor version 3.8.0.535 (Windows) or 2.12.x (Linux) and Higher as additional sensor functionality has been implemented to avoid duplicate device_id's
Additional Information
- The newer sensor versions and corresponding back-end changes have a way to check to see if the sensor is using a duplicate device_id, by using a machine UUID/hash generated via static information from the OS.
- When the sensor is started, it generates a hash of the system, which will never be the same between 2 different systems, even clones or VDI systems -- but the hash will not change on the same system, even after a system restart.
- When a sensor checks in with a device_id and corresponding hash, the cloud backend verifies that the device UUID/hash is the same as previously associated with the device_id.
- If the stored hash is different than the one being presented by the sensor during check-in, then the backend tells the sensor to automatically re-register itself.
- This prevents duplicate device_id's.
- These settings can be modified during installation of the Windows sensor per the AUTO_REREGISTER_FOR_VDI_CLONES= setting described here.
- AUTO_REREGISTER_FOR_VDI_CLONES=1 is recommended for physical machines to prevent them from changing device_id.
- There is a behavior in EA-20280 which will cause reregistered machines to be marked as VDI and linked to the original device_id.
Feedback
Yes
No
Powered by
