Unable to find version of carbon black agent in mac os as it creates the folder named bit9 instead of appname.app
I leverage the version of the service “CBDefence”. It works well in my environment on the Windows Systems. How are you getting the info currently?
BR,
Quentin
versions of services "CarbonBlack" should get you what you need or versions of services "CbDefense" as string
Though it looks like there are a few services for CB that you could try get data from
| Process Name | Running Process |
|---|---|
| Cb Defense Sensor Service | RepMgr64.exe |
| Cb Defense Sensor WSC Service | RepWSC64.exe |
| Cb Defense Sensor Utility Tool | RepUtils32.exe |
| Cb Defense Sensor Notification Utility | RepUx.exe |
| Cb Defense Scanner Service | scanhost.exe |
Sorry for half information i am looking for carbon black version in Mac Os system after installation it creates folder of bit9 instead of appname.app
If you didn’t have BigFix, how would you check?
I have bigfix access
Understood. I know BigFix, but I don’t know Carbon Black or MacOS. If you tell me how to find the version of Carbon Black outside of BigFix, I can possibly help you with how to do the same with BigFix.
This is what we use for CB Cloud Sensor (formerly Cb Defense). You can also adopt it for Cb App Control (formerly Cb Protect and was Bit9 prior to that) and Cb ERD Sensor (formerly Cb Response).
(if (windows of it) then (version of service "CbDefense" as string | "") else (if(unix of it) then (If(name of it as lowercase contains "linux") then (version of packages ("cbagentd";"cb-psc-sensor") of (if exists properties whose (it as string contains "debianpackage:") then debianpackages else if exists properties whose (it as string contains "rpm:") then rpms else ERROR "The operators are not defined.") as string | "") else ("")) else (if(mac of it) then (version of applications whose (name of it as string as lowercase contains "confer") as string | "") else (nothing)))) of operating system
2 Likes
Solved
if (name of operating system as lowercase contains “win”) then (value “DisplayVersion” of it) of keys whose (exists value “DisplayName” whose(it as string contains “Carbon Black App Control Agent”)of it) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of x32 registries as string else if (mac of operating system) then version of application whose (name of it contains “b9notifier”) as string | “” else “Not Installed”
Just as a side thought for furture, this could stop working for the Windows OS in a scenario where the vendor changes the display name. Knowing a bit of the background of Carbon Black App Control, it used to be called Bit9, then became Carbon Black Protect, then after VMWare aquired CarbonBlack it was rebranded as App Control. Throughout those 3 branding changes however, the service name has remained consistent, “parity”. Inspecting the version of the Windows service could be a more resilient approach than looking at registry keys.
Q: (if (windows of it) then (version of service "parity" as string | "Not Installed") else (if(mac of it) then (version of applications whose (name of it as lowercase contains "b9notifier") as string | "Not Installed") else (nothing))) of operating system
A: Not Installed
2 Likes
Yes thanks good idea