
Cb Defense: How to tell where Local AV Signature update was downloaded from?

Environment

  • Cb Defense Windows Sensor: Versions 2.x+

  • Windows: All Supported Versions

Objective

Find the URL from which the AV signature update was downloaded.

Resolution

  1. Make sure Local AV Signature update is enabled for the device (see Cb Defense: How to Download the AV Signature Pack and Configure Updates for Local Scan)
  2. Open C:\Program Files\Confer\scanner\upd.log
  3. Search for "Param 9" in the events within the target time window
  4. The matching entry shows where the signature package was downloaded from, for example:

Param 9 --internet-srvs=http://updates.cdc.carbonblack.io/update
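
Steps 2 to 4 can be scripted to list every update source recorded in the log and flag any that is not an expected one. The PowerShell below is an added example, not part of the original article or vendor tooling; it assumes only that a relevant line contains the "Param 9 --internet-srvs=<url>" text shown above, and the mirror URL, the $expected list and the function name are hypothetical.

```powershell
# Added example. Only the "Param 9 --internet-srvs=<url>" text comes from the
# article; the rest of each log line is treated as opaque.
function Get-AvUpdateSource {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin { $n = 0 }
    process {
        $n++
        # Capture the value of --internet-srvs up to the next whitespace.
        if ($Line -match 'Param 9\s+--internet-srvs=(?<url>\S+)') {
            [pscustomobject]@{ LineNumber = $n; Url = $Matches['url'] }
        }
    }
}

# Constructed sample lines, used only when the real log is not present.
# The second URL is a hypothetical local mirror.
$sample = @(
    'constructed unrelated line'
    'Param 9 --internet-srvs=http://updates.cdc.carbonblack.io/update'
    ''
    'Param 9 --internet-srvs=http://mirror.example.internal/update'
)

$logPath = 'C:\Program Files\Confer\scanner\upd.log'
$lines = if (Test-Path -LiteralPath $logPath) { Get-Content -LiteralPath $logPath } else { $sample }

# Update sources this environment is expected to use (assumption: adjust to policy).
$expected = @('http://updates.cdc.carbonblack.io/update')

# One row per Param 9 entry; Expected is False for a source not on the list.
$lines | Get-AvUpdateSource |
    Select-Object LineNumber, Url, @{ Name = 'Expected'; Expression = { $expected -contains $_.Url } } |
    Format-Table -AutoSize
```

Use the reported line numbers to locate each entry in upd.log and confirm it falls inside the target time window.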

Additional Notes

"upd.log" will be available after the sensor updates AV signatures successfully at least once.

Related Content

Cb Defense: How to Download the AV Signature Pack and Configure Updates for Local Scan

Cb Defense: How To Set Up A Local Mirror for AV Signature Updates

Cb Defense: Verify the Latest Local Scanner Signature Version

Article Information

Creation Date: 03-26-2018