How to Rebuild the Yara Rules File
search cancel

How to Rebuild the Yara Rules File

book

Article ID: 290786

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Rebuild the Yara.bt9 rules file downloaded by Agents from the App Control Server.

Environment

  • App Control Server: All Supported Versions
  • Windows Server: All Supported Versions

Resolution

  1. Login to the application server as the Carbon Black Service Account.
  2. Browse to: "C:\Program Files (x86)\Bit9\Parity Server\configxml"
  3. Move all Yara*.bt9 files to a backup location outside of the Bit9 directory, such as the desktop.
  4. Browse to: "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  5. Move the Yara.bt9 file to the backup location.
  6. Restart the service: App Control Server.
  7. Verify the Yara files were recreated in the "configxml" and "hostpkg" directories.

Additional Information

  • The new Yara.bt9 file will have a new hash, and all Agents will be instructed to download the updated Yara file
  • If using an alternative Resource Download Location, make sure to copy the new Yara.bt9 file to that location
  • If the Resource Download Location for Yara.bt9 is changed, the server will send the new download URL to agents only when this is set: 
    • Navigate to: https://AppcServer/Shepherd_config.php
      Select from the dropdown: TriggerYaraDownload > Set it to: true > Change
Powered by Wolken Software