n Rules file and agent installer packages must be uploaded to the server from the Downloads
page of the Broadcom Customer Portal. Beginning with Carbon Black App Control Server
v8.1.4, rules and agent installers have been separated from the server installation to allow for
greater flexibility in updates.
n For a new Carbon Black App Control server, you must upload the rules file and agent
package installers to the server before agents can be downloaded to endpoints.
n For a server upgraded from a previous version, your previous rules and agent installers
remain in place, but there might be new rule and agent updates.
n Policies determine the groups of security settings available to endpoints — every agent
belongs to a policy. See "Creating and Configuring Policies" in the
Carbon Black App Control
User Guide
if you have not yet created policies.
n Script Rules are best created and enabled before you deploy agents. This ensures that
all files matching those rules are in the inventory and can be approved or banned if you
choose. Script rules created or enabled after an agent is deployed require that endpoints
be rescanned before the files they identify are inventoried. See "Script Rules" in the
Carbon
Black App Control User Guide
for more details.
n Review the expired certificate validation setting, especially if you will be running endpoints
offline. If you intend to allow file approval by certificates that have expired, make this choice
before you download and install the agents on permanently offline endpoints — otherwise,
they cannot use expired certificates. See "Approval with Expired Certificates" in the
Carbon
Black App Control User Guide
for more details.
n Initial Policy assignment to an endpoint can be determined by Active Directory data, as
described in "Assigning Policy by Active Directory Mapping" in the
Carbon Black App Control
User Guide
— or by the agent installer, as described in Downloading Agent Installers.
Although you can change this decision later, determining how you want policies assigned
before installing agents is recommended.
n Preparing a reference endpoint for a “snapshot” of files can give you a baseline for the files
in your environment if you plan to closely monitor changes in your file inventory. Ideally, this
is a clean computer onto which you install only the applications that you would like to run on
some or all of your systems. After the endpoint is prepared, you can install the agent and,
after initialization is complete, use the Snapshot process as described in "Monitoring Change:
Baseline Drift Reports" in the
Carbon Black App Control User Guide
.
Installation and Initialization
For each security policy you create, an agent installer is created for each supported platform
(Windows, macOS, or Linux) for which an initial installer package has been uploaded to the
server. Each agent installer includes the policy assigned to the computer and the Carbon Black
App Control server address
If you do not use AD-based policy assignment, you choose the agent installer for each endpoint
based on the endpoint’s platform and the policy that you want to control that endpoint.
Carbon Black App Control Agent Installation Guide
VMware by Broadcom 8