App Control: How to Rebuild the Yara Rules File
search cancel

App Control: How to Rebuild the Yara Rules File

book

Article ID: 290786

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Rebuild the Yara.bt9 rules file downloaded by Agents from the App Control Server.

Environment

  • App Control Server: All Supported Versions
  • Windows Server: All Supported Versions

Resolution

  1. Login to the application server as the Carbon Black Service Account.
  2. Browse to: "C:\Program Files (x86)\Bit9\Parity Server\configxml"
  3. Move all Yara*.bt9 files to a backup location outside of the Bit9 directory, such as the desktop.
  4. Browse to: "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  5. Move the Yara.bt9 file to the backup location.
  6. Restart the service: App Control Server.
  7. Verify the Yara files were recreated in the "configxml" and "hostpkg" directories.

Additional Information

  • The new Yara.bt9 file will have a new hash, and all Agents will be instructed to download the updated Yara file.
  • If the Resource Download Location has been altered the new Yara.bt9 file will need to be copied to this location.
Powered by Wolken Software