Disable/Enable Tamper Protection
search cancel

Disable/Enable Tamper Protection

book

Article ID: 286718

calendar_today

Updated On: 03-10-2025

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to enable/disable Tamper Protection on App Control Agent(s).

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

WARNING: Disabling Tamper Protection will allow modification of the folders & files the Agent relies upon, disabling, or even uninstallation of the Agent. Tamper Protection should only be disabled temporarily. Always verify Tamper Protection is re-enabled.

 

Manage Tamper Protection via Console

All Agents (Global):

  1. Navigate to https://YourAppControlServerName/support.php
  2. Go to the "Advanced Configuration" tab
  3. Under "Agent Configuration" select the box next to "Disable Tamper Protection"
  4. Click "Update" at the bottom of the page
  5. To re-enable tamper protection un-check the box and click "Update" again.

Specific Policy:

  1. Log in to the Console and navigate to: https://YourAppControlServerName/agent_config.php
  2. Add a Filter to the View for > Value > contains > disable_self_protect=
  3. Edit the existing Config or Add a new Agent Config accordingly:
    • Property Name: Leave Default
    • Host ID: 0
    • Value: Set the value to match exactly, with no extra/trailing spaces: 
      disable_self_protect=1
    • Macros: Leave blank
    • Platforms: Leave default
    • Status: Enabled
    • Create for: Selected Policies > relevant Policies
  4. To re-enable Tamper Protection
    • Disable or delete the above Agent Config or
    • Change the value to disable_self_protect=0

Specific Agent:

  1. Navigate to Assets > Computers > relevant Computer.
  2. On the Computer Details page > right-hand side > Advanced > Disable Tamper Protection.
  3. To re-enable: navigate to the same location and choose "Enable Tamper Protection"

 

Locally on the Endpoint

Windows

  1. Open an administrative command prompt and issue the following commands: 
    cd "C:\Program Files (x86)\Bit9\Parity Agent\"
dascli password GlobalCLIPassword
  2. Disable Tamper Protection and the Protected Service (Agent 8.10.0+) 
    dascli tamperprotect 0

    If Agent 8.10.0+
    dascli registerprotected 0
  3. To re-enable use the dascli commands: 
    If Agent 8.10.0+ first issue:
    dascli registerprotected 1

    dascli tamperprotect 1

macOS

  1. Open a Terminal window and issue the following commands: 
    cd /Applications/Bit9/tools
./b9cli --password GlobalCLIPassword
./b9cli --tamperprotect 0
  2. To re-enable, authenticate with the Agent and use the command 
    ./b9cli --tamperprotect 1

Linux

  1. Open a Terminal window and issue the following commands: 
    cd /opt/bit9/bin
./b9cli --password GlobalCLIPassword
./b9cli --tamperprotect 0
  2. To re-enable, authenticate with the Agent and use the command: 
    ./b9cli --tamperprotect 1

Additional Information

  • By default the Agent is configured to use the Agent Config, "disable_self_protect=0".
  • Policy settings override Global settings, Agent settings override Policy settings. This means if Tamper Protection is enabled for the Policy but disabled Globally, the Agent will honor the Policy setting.
Powered by Wolken Software