Carbon Black Cloud Sensor: How to Avoid Duplicate Sensor ID's When Imaging or Using VDI
search cancel

Carbon Black Cloud Sensor: How to Avoid Duplicate Sensor ID's When Imaging or Using VDI

book

Article ID: 289650

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

How to avoid duplicate sensor ID's when registering sensors against the CB Cloud

Environment

  • CB Cloud Windows Sensor:  Versions older than 3.8.0.535
  • CB Cloud Linux Sensor:  Versions older then 2.12
  • Microsoft Windows:  All supported versions
  • Linux:  All supported versions

Resolution

Upgrade to sensor version 3.8.0.535 (Windows) or 2.12.x (Linux) and Higher as additional sensor functionality has been implemented to avoid duplicate device_id's

Additional Information

  • The newer sensor versions and corresponding back-end changes have a way to check to see if the sensor is using a duplicate device_id, by using a machine UUID/hash generated via static information from the OS. 
  • When the sensor is started, it generates a hash of the system, which will never be the same between 2 different systems, even clones or VDI systems -- but the hash will not change on the same system, even after a system restart. 
  • When a sensor checks in with a device_id and corresponding hash, the cloud backend verifies that the device UUID/hash is the same as previously associated with the device_id. 
  • If the stored hash is different than the one being presented by the sensor during check-in, then the backend tells the sensor to automatically re-register itself.   
  • This prevents duplicate device_id's.
  • These settings can be modified during installation of the Windows sensor per the AUTO_REREGISTER_FOR_VDI_CLONES= setting described here.
  • AUTO_REREGISTER_FOR_VDI_CLONES=1 is recommended for physical machines to prevent them from changing device_id.
  • There is a behavior in EA-20280 which will cause reregistered machines to be marked as VDI and linked to the original device_id.