Santosh Kumar Behera
Installing VMware Carbon Black Sensor using Workspace ONE UEM
In my previous blogs, I have explained the various ways to install the Carbon Black sensor in a non-persistent VDI & Full Clone VDI environment. In this blog, I will explain how to install the Carbon Black sensor on devices that are managed by VMware Workspace ONE UEM.
Endpoint Standard (Formerly CB Defense) Sensor 3.6.x and Higher
Microsoft Windows Client OS / all Supported Versions in Horizon
VMware Workspace ONE UEM
First, we have to create the application package in VMware Workspace ONE UEM.
Log in to the Workspace ONE UEM management console and go to Resources >>
Apps>>Native and click on the Add > Application File.
Click on the Upload > Choose file and select the Carbon Black Cloud Sensor installer --> Click Save to upload the file.
After a minute the upload will be ready. The sensor is not a dependency app, so leave it at NO and click Continue.
Workspace ONE UEM will now analyze the installer and come up with an application overview on how the application should be installed. 99% of the time you need to adjust a couple of settings to get the application correctly installed. First of all, check the Supported Processor Architecture. This is set at 32-bit by default. As we are installing the sensor on Windows 10 64-bit, change it to 64-bit.
Click on the Files tab and scroll down to "App Uninstall Process" section, provide the uninstall command or just leave it with .\q or use the script. In our case I am using the command with company uninstall code, so when admin needs can uninstall the app from WS1 Catalog, can execute the task
When you click on the Deployment Options tab, you will see that the Install Command is already filled. We need to change this because if we leave this default the endpoint sensor does not know the destination Carbon Black Cloud instance which the endpoint will communicate, so we need to add the COMPANY_CODE, GROUP_NAME and CLI_USERS parameter to the command line and log the path as optional.
The command line should look like this:
msiexec /i "installer_vista_win7_win8-64-220.127.116.113.msi" /qn /L C:\vmware\logs\CarbonBlackSensor_log.log COMPANY_CODE="7PR————#E8" GROUP_NAME=Endpoint-Windows CLI_USERS=S-1-5-32-544
COMPANY CODE : Company registration code from the CB cloud console.
CLI_USERS : This parameter on the golden image enables REPCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run repcli commands on the clone.
GROUP_NAME : Mention the Policy Name which has the necessary exclusions are applied to the policy.
After you entered the correct command line, click Save & Assign.
Note: From the "Images" tab, click on the Icon and add the required icon if needed.
You have various options to assign an application. I have created a UAT assignment group which I am using to deploy applications to Windows 10 devices.
For the App Delivery Method, I selected On Demand, where we can select the device and push the application, I also enabled the application will be visible in the App Catalog.
You can set these options as you like, click Save to continue.
Click Publish to finish the creation of the native app in Workspace ONE UEM.
The application is ready to be pushed to all devices in the assignment group. Of course, you can install the same from the App Catalog as well, Carbon Black sensor will be silently installed on the device.
Before application installation status in Workspace ONE UEM console
Now you can check if the installation was successful and the sensor is up and running after pushing the apps from Workspace ONE UEM console
You can open the task manager on the device, and check if the Carbon Black processes are running.
We can also check the Workspace ONE UEM console to verify if the app is installed. Click Devices > Select a device and click on the Apps tab.
As you can see installation of VMWare Carbon Black sensor through VMware Workspace ONE UEM is very straightforward. Keep an eye for more on Carbon Black and Workspace ONE Intelligence in my upcoming post, stay tuned.