top of page
  • Writer's picturePradeep Kumar

Installing VMware Carbon Black Sensor using VMware Workspace ONE UEM

In my previous blogs, I have explained the various ways to install the Carbon Black sensor in a non-persistent VDI & Full Clone VDI environment.


In this blog, I will explain how to install the Carbon Black sensor on devices that are managed by VMware Workspace ONE UEM.


Environment

  • Endpoint Standard (Formerly CB Defense) Sensor 3.6.x and Higher

  • Microsoft Windows Client OS / all Supported Versions in Horizon

  • VMware Workspace ONE UEM

First, we have to create the application package in VMware Workspace ONE UEM.


  1. Log in to the Workspace ONE UEM management console .

  2. Navigate to Resources --> Apps--> Native and click on Add --> Application File.

3. Click on Upload > Choose file and select the Carbon Black Cloud Sensor MSI file. Click Save to upload the file.

4. After a minute the upload will be ready. The sensor is not a dependency app, so leave it at NO and click Continue.

Workspace ONE UEM will now analyze the installer and come up with an application overview on how the application should be installed. 99% of the time you need to adjust a couple of settings to get the application correctly installed.


First of all, check the Supported Processor Architecture. The default setting is set to 32-bit . As we are installing the sensor on Windows 10 64-bit, then change it to 64-bit.

and click Save & Assign.

5. Click on the Files tab and scroll down to the "App Uninstall Process" section, provide the uninstall command or just leave it with .\q or use the script.

In our case, I am using the command with the company uninstall code, so when the admin require to uninstall the app from WS1 Catalog, they can execute the uninstall task.


6. When you click on the Deployment Options tab, you will see that the Install Command is already updated. We need to change this because if we leave this default the endpoint sensor does not know the destination Carbon Black Cloud instance which the endpoint will communicate, so we need to add the COMPANY_CODE, GROUP_NAME and CLI_USERS parameters to the command line and log the path as optional.

The recommended command line should look like this:

msiexec /i "installer_vista_win7_win8-64-3.7.0.1253.msi" /qn /L C:\vmware\logs\CarbonBlackSensor_log.log COMPANY_CODE="XXXXXXXXXXXXX" GROUP_NAME=Endpoint-Windows CLI_USERS=S-1-5-32-544


Note:

  • COMPANY CODE: Company registration code from the CB cloud console.

  • CLI_USERS: This parameter on the golden image enables REPCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run repcli commands on the clone.

  • GROUP_NAME: Mention the Policy Name which has the necessary exclusions are applied to the policy.

After you entered the correct command line, click Save & Assign.


Note: From the "Images" tab, click on the CB Icon and add the required icon if needed.


You have various options to assign an application. I have created a UAT assignment group which I am using to deploy applications to Windows 10 devices.


For the App Delivery Method, I selected On Demand, where we can select the device and push the application, I also enabled the application will be visible in the App Catalog.


You can set these options as you like, click Save to continue.


Click Publish to finish the creation of the native app in Workspace ONE UEM.

The application is ready to be pushed to all devices in the assignment group. Of course, you can install the same from the App Catalog as well, Carbon Black sensor will be silently installed on the device.


Before application installation status in Workspace ONE UEM console


Now you can check if the installation was successful and if the sensor is up and running after pushing the apps from the Workspace ONE UEM console.


You can open the task manager on the device, and check if the Carbon Black processes are running.


We can also check the Workspace ONE UEM console to verify if the app is installed. Click Devices > Select a device and click on the Apps tab.


Conclusion

As you can see installation of the VMWare Carbon Black sensor through VMware Workspace ONE UEM is very straightforward.


Keep an eye for more on Carbon Black and Workspace ONE Intelligence in my upcoming post, stay tuned.






11 views0 comments

Comments


bottom of page