Carbon Black Cloud: Linux sensors fail to fully install after running install package (rpm) with a third party deployment solution
Article ID: 292512
Updated On:
Products
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Linux distro and kernel have been verified in Supported Distros to confirm it is compatible with Enterprise EDR (formerly known as ThreatHunter)
- Install appears to be successful, however, events are missing after deploying the sensor using a third-party deployment tool
Environment
- Carbon Black Cloud Sensor (for Linux): 2.8.0.238774
- Endpoint Standard
- Enterprise EDR
Cause
The installers were designed to keep the components distribution agnostic as in future versions of the sensor, components will be delivered on demand from the cloud. Nonetheless VMWare Carbon Black is taking this deployment limitation into account.
Resolution
Working as designed. The sensors components are installed as part the install routine when running sudo ./install.sh '[Company Code]', which invokes ./blades/bladesUnpack.sh
Additional Information
As a workaround, ./blades/bladesUnpack.sh can be ran after installing the 2.8.0.238774 sensor.
Alternatively, an earlier version of the sensor can be deployed, such as 2.7.0.187460, then upgrade to the desired version from the console, thereby getting all the components installed (as well as the newer agent).
Alternatively, an earlier version of the sensor can be deployed, such as 2.7.0.187460, then upgrade to the desired version from the console, thereby getting all the components installed (as well as the newer agent).
Feedback
Yes
No
Powered by
