top of page
Writer's picturePradeep Kumar

How to deploy Carbon Black Sensor on Non-persistence Horizon Virtual Machine (VDI)

Environment

  • Endpoint Standard (Formerly CB Defense) Sensor 3.6.x and Higher

  • Microsoft Windows: All Supported Versions

  • Desktop Infrastructure (VDI) Master Image Non-Persistent Virtual

  • VMware Horizon View

  • VMware DEM (Dynamic Environment Manager)

Objective

To deploy Carbon black Endpoint Standard Sensors to a VMware Non-Persistent VDI Master Image, which is subsequently cloned.

Resolution

Note: Best Practice (for non-persistent VDI only) includes turning off background scan and signature updates.


For sensors 3.6.x and Higher:

1. Create a policy group called "Virtual Desktops" in the CB console.

2. Install the CB sensor on the "Master Image" using the below command:

  • Open CMD with Run as Administrator.

  • Navigate to the CB sensor installation location.

  • Run the below command

msiexec /i installer_vista_win7_win8-64-3.6.0.xxxx.msi" /qn /L C:\IT\logs\CarbonBlackSensor_log.log COMPANY_CODE="XXXXXXXXXXXXX" GROUP_NAME="Virtual Desktops" CLI_USERS=S-1-5-32-544 AUTO_CONFIG_MEM_DUMP=0

  • Verify the CB icon visible on the taskbar or Add/remove the program

3. Once the installation is complete, reboot the master image and post-login edit the cfg file to update the company code ( C:\Program Files\confer\cfg.ini ).


a. Open CMD with Elevated Privilege to put CB in bypass mode : Command: cd C:\Program files\confer RepCli.exe bypass 1


b. Open the file C:\Program files\confer\cfg.ini and update the company code to "XXXX"


c. Enable the Sensor Protection mode by disabling the bypass mode

--> RepCli.exe bypass 0 ( C:\Program files\confer\RepCli.exe )

4. Take a snapshot of the master image / Parent Template.

5. Now we have to RUN the Re-register task using the Dynamic Environment Manager (DEM) to re-register the cloned VDI VM to the CB console with the current login user name.


6. Login to VMware Dynamic Environment Manager & open the Management Console

a. Go to User Environment tab, expand to the Logon Tasks

b. Right Click on Logon Tasks, Create a new Task & provide the required details & Save.

Name : CarbonBlack Sensor Re-register

Command : "C:\Program Files\Confer\RepCLI.exe" reregister now


Once the snapshot is ready, open the Horizon View Admin Console and Recompose the Instant Clone Pool with the New Snapshot to verify the cloned VM's are reporting to CB cloud console.


That's all guys. Will discuss more on Carbon Black in my upcoming post, stay tuned ..

20 views0 comments

Comentarios


bottom of page