How to deploy Carbon Black Sensor on Non-persistence Horizon Virtual Machine (VDI)
Endpoint Standard (Formerly CB Defense) Sensor 3.6.x and Higher
Microsoft Windows: All Supported Versions
Desktop Infrastructure (VDI) Master Image Non-Persistent Virtual
VMware Horizon View
To deploy Endpoint Standard Sensors to a Non-Persistent VDI Master Image, which is subsequently cloned
Note : Best Practice (for non-persistent VDI only) includes turning off background scan and signature updates.
For sensors 3.6.x and Higher:
1. Create a policy group called "Virtual Desktops" in the CB console.
2. Install sensor on the "Master Image" using below command:
--> Open CMD with Run as Administrator .
--> Navigate to the CB sensor installation location.
--> Run the below command
msiexec /i installer_vista_win7_win8-64-3.6.0.xxxx.msi" /qn /L C:\IT\logs\CarbonBlackSensor_log.log COMPANY_CODE="XXXXXXXXXXXXX" GROUP_NAME="Virtual Desktops" CLI_USERS=S-1-5-32-544 AUTO_CONFIG_MEM_DUMP=0
--> Verify the CB icon visible on the taskbar or Add/remove program
3. Once the installation is complete, reboot the VM & post login edit the .cfg file to update the company code ( C:\Program Files\confer\cfg.ini ).
a. Open CMD with Elevated Privilege to put CB in bypass mode : --> cd C:\Program files\confer
--> RepCli.exe bypass 1
b. Open the file C:\Program files\confer\cfg.ini and update the company code to "XXXXXXXXXXXX"
c. Enable the Sensor by disabling the bypass mode
--> RepCli.exe bypass 0 ( C:\Program files\confer\RepCli.exe )
4. Take snapshot of the master image / Parent Template
Now we have to RUN the Re-register task using the Dynamic Environment Manger (DEM) to re-register the cloned VM to CB console with the login is user name.
5. Login to VMware Dynamic Environment Manager & open the Management Console
a. Go to User Environment tab, expand to the Logon Tasks
b. Right Click on Logon Tasks, Create a new Task & provide the required details & Save.
Name : CarbonBlack Sensor Re-register
Command : "C:\Program Files\Confer\RepCLI.exe" reregister now
Once the snapshot is ready , open the Horizon Admin Console and Recompose the Instant Clone Pool with the New Snapshot to verify the cloned VM's are reporting to CB console.
That's all guys. Will discuss more on Carbon Black in my upcoming post, stay tuned ..