Carbon Black Cloud: How to Configure Policy for Non-Persistent VDI Devices
Article ID: 290063
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Create a policy to manage non-persistent VDI devices.
Environment
- Carbon Black Cloud Console: All Versions
Resolution
- Duplicate a current policy or create a new policy for VDI devices. Set blocking and isolation as well as any needed permission rules as desired.
- Select the new policy, then navigate to the "Local Scan" tab
- Set "Allow Signature Updates" to disabled and select save. This will prevent large volumes of VDI devices from updating local definitions simultaneously potentially causing overutilization of network bandwidth.
- Set "On-Access File Scan" mode to disabled. This will prevent all files from the endpoint from being rescanned each time a new clone is created.
- Navigate to the "Sensor" tab
- Uncheck the box for "Run background scan". This will prevent the sensor from inventorying all files on the endpoint each time a new clone is created.
- Select the checkbox next to "Auto-deregister VDI devices that have been inactive for". Beneath that checkbox, set the time required for the sensor to be offline before deregistering, then save the policy. This setting will control the amount of time that must elapse between the sensor's check in that will trigger the device status to become deregistered. Unless a specific use-case dictates otherwise, it is recommended to set this to a minimum of 24 hours to prevent unintended de-registration. Additionally, this setting is only viable in policies that contain ONLY non-persistent VDI devices.
Feedback
Yes
No
Powered by
