Disable/Enable Tamper Protection
search cancel

Disable/Enable Tamper Protection

book

Article ID: 286718

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to enable/disable Tamper Protection on App Control Agent(s).

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

Disabling Tamper Protection will allow modification of the folders & files the Agent relies upon, disabling, or even uninstallation of the Agent. Tamper Protection should only be disabled temporarily. Always verify Tamper Protection is re-enabled.

To manage Tamper Protection on all Agents (Global):

  1. Navigate to https://YourAppControlServerName/support.php
  2. Go to the "Advanced Configuration" tab
  3. Under "Agent Configuration" select the box next to "Disable Tamper Protection"
  4. Click "Update" at the bottom of the page
  5. To re-enable tamper protection un-check the box and click "Update" again.

To manage Tamper Protection on a specific Policy:

  1. Navigate to https://YourAppControlServerName/agent_config.php
  2. Add a Filter to the View for > Value > contains > disable_self_protect=
  3. Edit this Config to enable it, by changing the value from disable_self_protect=0 to disable_self_protect=1
  4. Use the below fields:
    • Property Name: Leave Default
    • Host Id (0 For All): 0 (Only 1 Host ID may be entered if choosing a specific device, otherwise All (0) should be used)
    • Value: disable_self_protect=1  *ensure that there are no spaces before or after the value that is typed*
    • Macros: Leave blank
    • Platforms: Leave default
    • Status: Enabled
    • Create for: Selected Policies > relevant Policies
  5. To re-enable Tamper Protection, disable or delete the above Agent Config. Changing the value to disable_self_protect=0 will also work.

To manage Tamper Protection on a single Agent using the Console:

  1. Navigate to Assets > Computers > relevant Computer.
  2. On the Computer Details page > right-hand side > Advanced > Disable Tamper Protection.
  3. To re-enable: navigate to the same location and choose "Enable Tamper Protection"

To manage Tamper Protection on a single Windows Agent, using the command prompt:

  1. Open a command prompt and issue the following commands:
    cd "C:\Program Files (x86)\Bit9\Parity Agent\"
    dascli password GlobalCLIPassword
    dascli tamperprotect 0
    
    -- To re-enable, authenticate with the Agent and use the command:
    dascli tamperprotect 1

To manage Tamper Protection on a single macOS Agent, using Terminal:

  1. Open a Terminal window and issue the following commands:
    cd /Applications/Bit9/tools
    ./b9cli --password GlobalCLIPassword
    ./b9cli --tamperprotect 0
    
    -- To re-enable, authenticate with the Agent and use the command:
    ./b9cli --tamperprotect 1

To manage Tamper Protection on a single Linux Agent, using Terminal:

  1. Open a Terminal window and issue the following commands:
    cd /opt/bit9/bin
    ./b9cli --password GlobalCLIPassword
    ./b9cli --tamperprotect 0
    
    -- To re-enable, authenticate with the Agent and use the command:
    ./b9cli --tamperprotect 1

Additional Information

  • By default the Agent is configured to use the Agent Config, "disable_self_protect=0".
  • Policy settings override Global settings, Agent settings override Policy settings. This means if Tamper Protection is enabled for the Policy but disabled Globally, the Agent will honor the Policy setting.