Methods To Upgrade The App Control Agent
search cancel

Methods To Upgrade The App Control Agent

book

Article ID: 286512

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Methods to upgrade the App Control agent

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

Table of Contents

All Platforms (Automatic Upgrades via Console)

Turning Console Upgrades On

When a new Agent installer is uploaded to the Server, the global option to upgrade Agents (manually or automatically) via the Console is turned off. Before turning this feature on, verify which Policies are configured to start Automatic Upgrades and which are not, and adjust accordingly.
  1. Log in to the Console and navigate to Rules > Policies.
  2. Click Show Columns > Automatically Upgrade Agents (or Allow Upgrades) > Apply > Review which Policies are set for automatic upgrades
Agents that are in a Policy with the option Automatically Upgrade Agents (Server 8.10+) or Allow Upgrades (Server 8.9+) checked on will start upgrading immediately after the Console Upgrade feature is turned on.
  1. Log in to the Console and navigate to Settings > System Configuration > Advanced Options > Edit.
  2. Locate the section Carbon Black App Control Agent > Automatic Agent Upgrades (or Allow Agent Upgrades)
  3. Choose Enabled and click Save.

To Start Agent Upgrades

  1. To upgrade ALL agents in a Policy > Go to Rules > Policies > Edit the relevant Policies > Select the Checkbox for "Automatically Upgrade Agents"
  2. To upgrade ONE agent at a time > Go to Assets > Computers > Check the box for the relevant Computer(s) > Action > Upgrade Computers

Windows

Manual Upgrade via CMD (Major)

These steps should be used when the Agent Product GUID has changed.

  1. Log in to the App Control Server.
  2. In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  3. Copy the files: ParityHostAgent.msi and configlist.xml to a location that is accessible to the endpoint being upgraded.
  4. From an administrative command prompt execute: 
    msiexec /i /qN "C:\Path\To\ParityHostAgent.msi" B9_CONFIG="C:\Path\To\configlist.xml" /L*v+ "C:\Temp\AgentUpgrade.log"

Manual Upgrade via CMD (Minor)

These steps should be used when the Agent Product GUID has not changed.

  1. Log in to the App Control Server.
  2. In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  3. Copy the file ParityHostAgent.msi to a location that is accessible to the endpoint being upgraded.
    • Note: Do not rename ParityHostAgent.msi. Doing so for a minor upgrade will cause the upgrade to fail with the message "Error determining package source type"
  4. From an administrative command prompt execute: 
    msiexec /fvamus "C:\Path\To\ParityHostAgent.msi" B9_NOCONFIG=1 /L*v "C:\Temp\AgentUpgrade.log"

Upgrades via 3rd Party Utilities

NOTES:

  • It is recommended to follow the same upgrade pacing as the Server (max 360 Agent upgrades/hr) when upgrading via 3rd party utilities.
  • Agent upgrades via 3rd party utilities require temporarily enabling allow_upgrade=1 before issuing the relevant upgrade command.
    • An Agent Config can be created for All Hosts in a specific Policy with this Value: 
      allow_upgrade=1
    • Having this Agent Config received by the Agent, prior to issuing the upgrade command, would remove the requirement to script authenticating with the Agent and using the setconfigprop command.
    • This Agent Config should only be used temporarily, and disabled after upgrades are completed.
  1. Issue the commands: 
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalCLIPassword
    dascli setconfigprop allow_upgrade=1
  2. Pass the relevant (Major/Minor) upgrade command
  3. Remove the flag: 
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password InsertCLIPasswordHere
    dascli setconfigprop allow_upgrade=0

macOS

Manual Upgrade via Terminal

  1. Log in to the App Control Server.
  2. In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  3. Copy the upgrade file Bit9MacInstall.bsx to a location that is accessible to the endpoint being upgraded
  4. From terminal issue the commands: 
    cd /Applications/Bit9/tools
    ./b9cli --password InsertCLIPasswordHere
    ./b9cli --tamperprotect 0
    cd ~/Downloads
    sudo bash Bit9MacInstall.bsx
  5. Re-enable tamper protection after the upgrade completes:
    ./b9cli --tamperprotect 1

Linux

Manual Upgrade via Terminal

  1. Log in to the App Control Server.
  2. In Windows Explorer, navigate to "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  3. Copy the upgrade file Bit9RedHat{6,7,8 or 9}Install.bsx to a location that is accessible to the endpoint being upgraded
  4. From terminal issue the commands:
    cd /opt/bit9/bin
    ./b9cli --password InsertCLIPasswordHere
    ./b9cli --tamperprotect 0
    sudo bash Bit9Redhat{6,7,8,9}Install.bsx
  5. Re-enable tamper protection after the upgrade completes:
    ./b9cli --tamperprotect 1

Additional Information

  • By default the App Control Server will attempt to upgrade 1 Agent every 10 seconds when Automatic Upgrades is enabled.
  • On average, total upgrade pacing is ~360 per hour assuming no errors occur. This pacing helps prevent unnecessary load on the App Control Server.
  • More information can be found in the Agent Installation Guide.
  • Whenever a new Agent package is uploaded, the newest version of the Policy Installer files should be used for Agent installs.
  • If the Resource Download Location (by default: https://YourServer/hostpkg) is available to the endpoints, the URL can be used for the file paths: 
    msiexec /i /qN "https://YourServer/hostpkg/pkg.php?pkg=ParityHostAgent.msi" B9_CONFIG="https://YourServer/hostpkg/pkg.php?pkg=configlist.xml" /L*v+ "C:\Temp\AgentUpgrade.log"
Powered by Wolken Software