Install EDR


Step 1: Install Armor Anywhere

To Install EDR on your device, users must first install the Armor Agent.

Armor security services are designed for workload protection, so users will need to install the Armor Agent with no services active.

To install the Armor Agent only, please follow Step 2, Optional Step 1 in the Armor Agent 3.0 documentation.


Step 2: Install EDR

Once installed, users can install EDR services using the CLI or Armor Toolbox. 

Linux Command

/opt/armor/armor edr install


Windows Command

c:\.armor\opt\armor.exe edr install

EDR can also be installed using the Armor Toolbox. Please see the documentation available on the Armor Toolbox and Agent 3.0 installation scripts

MacOS Big Sur

For users looking to install EDR on macOS Big Sur, please follow this documentation.


Uninstall EDR


Users can install EDR services using the CLI or Armor Toolbox. To uninstall EDR, users must first acquire an Uninstall Code from the Armor Management Portal. 

To obtain a code: 

  1. Navigate to the Infrastructure screen in AMP. 
  2. Select the appropriate Virtual Machine.
  3. Click the Overview tab.
    Click EDR
  4. Click the Get Uninstall Code button. 

EDR assigns each asset a unique ID. Since uninstallation requires an uninstall code for each unique machine ID, administrators cannot perform a fleet uninstallation of EDR. 

Visibility of the Get Uninstall Code is permission based, so if you cannot acquire the uninstall code, see your Administrator.


Linux Command

/opt/armor/armor edr uninstall


Windows Command

c:\.armor\opt\armor.exe edr uninstall

EDR can also be uninstalled using the Armor Toolbox. Please see the documentation available on the Armor Toolbox and Agent 3.0 installation scripts


Other EDR CLI Commands


OperationDescription
helpDisplays a list of available commands.
sync-agent-idSync CoreInstanceId to Carbon Black Endpoint Detection and Response.
show-agent-idDisplay Carbon Black regestered Host ID.
diagnosticsDiagnostics EDR Service.


Fleet Management


Users looking to deploy EDR at scale can use the Armor Toolbox to schedule installation of EDR on multiple machines simultaneously.  The Armor Toolbox is a self-service solution available to users in the AMP. 

Users can learn more about scheduling installation tasks in the Armor Toolbox documentation


Carbon Black User Roles


During EDR sign-up, a user is elected to be the Admin user for the Carbon Black account. That Admin user is configured as in the Carbon Black portal as Super Admin.  The Super Admin user will have all privileges to perform within the Carbon Black portal.  Users must be careful which actions are performed in the portal and be mindful of privileges that are granted to other users.

The tables below captures the Carbon Black user roles and permissions by category. 

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Role CategoryPermissionView AllAnalyst 1Analyst 2Analyst 3Kubernetes Security DevOpsSystem AdminSuper AdminArmor Role
AlertsDismiss Alerts
XXXX
X
AlertsManage Alerts, Notes, and Tags
XXX
XX
AlertsManage Notifications
XXXXXX
AlertsView Alerts, Notes, and TagsXXXX
XXX
AlertsView NotificationsXXXXXXXX
API KeysManage Access Levels





X
API KeysManage API Keys



X
X
API KeysView API Keys
XXXXXX
AppliancesRegister workload appliances and send workload assets to CBCXXXX
XXX
AppliancesView Appliance DetailsXXXXXXXX
Custom DetectionsManage Watchlist Feeds


X

X
Custom DetectionsManage Watchlists


X

X
Custom DetectionsView Watchlist FeedsXXXX
XXX
Custom DetectionsView WatchlistsXXXX
XXX
Device ControlManage Enforcement





X
Device ControlManage External Devices


X

X
Device ControlView External DevicesXXXX
XXX
Endpoint ManagementBypass




XX
Endpoint ManagementDeregister and Delete Sensors




XX
Endpoint ManagementExport Device DataXXXX
XXX
Endpoint ManagementGet and Delete a Hash from Specified Devices

XX
XX
Endpoint ManagementBackground Scan

XX
XX
Endpoint ManagementManage Devices




XX
Endpoint ManagementManage Device Assignments





X
Endpoint ManagementManage Sensor Groups




XX
Endpoint ManagementQuarantine
XXX

X
Endpoint ManagementView Devices and Sensor GroupsXXXX
XXX
InvestigateConduct InvestigationsXXXX
XXX
InvestigateExport Event DataXXXX
XXX
Live QueryUse Live Query


X
XX
Live QueryView Live Query

XX
XX
Live Response








Live ResponseUse Live Response

XX

X
Live ResponseView Live ResponseXXXX
XXX
Organization SettingsConfigure 2FA and SAML





X
Organization SettingsExport Dashboard DataXXXX
XXX
Organization SettingsManage Org Information and Codes





X
Organization SettingsManage Roles





X
Organization SettingsManage Users
XXXXXX
Organization SettingsView and Export Audit LogsX
XX
XX
Organization SettingsDownload Sensor Kits




XX
Organization SettingsView 2FA and SAMLX
XX
XX
Organization SettingsView Org Information and CodesXXXX
XXX
Organization SettingsView UsersXXXX
XXX
Policy ManagementManage Policies





X
Policy ManagementView PoliciesXXXX
XXX
Files and ReputationsDelete Files

XX

X
Files and ReputationsManage Reputations and Auto Banned List


X

X

It is recommended users familiarize themselves with the Carbon Black portal and sign up for access to Carbon Black documentation


Was this helpful?
Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 4 rates