EDR: How to create a gold disk image for VDI Instant Clones
search cancel

EDR: How to create a gold disk image for VDI Instant Clones

book

Article ID: 292597

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To create a Gold Image that will ensure all new instances of VDI Instant Clones will check in as unique sensors to the EDR Server

Environment

  • EDR (Formerly CB Response) Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Create this batch file in the Gold Image, which should leave all clients with the ID of 0 when being forked: 
    #stop cb service
sc stop CarbonBlack

# delete on-disk events
del C:\Windows\CarbonBlack\EventLogs\eventlog_*.zip

#Add in registry key to ensure that sensor gets reassigned a sensor ID
reg add HKEY_LOCAL_MACHINE\SOFTWARE\CarbonBlack\config /f /v SensorId /d 0
  2. Create a scheduled task for the SensorID reset in the Gold Image which runs above batch file as Action
  3. Shutdown the Gold Image

Additional Information

  • When new instances spin up, they will now check in to get assigned a sensor ID
  • To check this, navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\CarbonBlack\config and check the value of the Sensor ID 
  • This sensor ID should be populated with a unique value
Powered by Wolken Software