Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard Sensor: All Versions
- Microsoft Windows: All Supported Versions
Objective
Provide steps for determining the latest Virus Definition File (VDF) version and the date and time associated with it for the Local Scanner
Resolution
Chrome
- Log into Carbon Black Cloud Console
- Open DevTools, select Network tab and Preview sub-tab
- Go to Endpoints page
- Check DevTools for 'sigPackVersionHistory'
- Expand the last array (numbers called out in [XXX ... XXX])
- The last item is the most recent VDF version, along with timestamp
[400 ... 405]
405: {aevdf_version: "8.16.16.28", timestamp: "2019-06-05T13:18Z"}
Firefox
- Log into Carbon Black Cloud Console
- Open DevTools, select Network tab and Response sub-tab
- Go to Endpoints page
- Check DevTools for 'sigPackVersionHistory'
- Scroll to the bottom of the list and expand the last number (XXX: {...})
- The last item is the most recent VDF version, along with timestamp
405: {...}
aevdf_version: 8.16.16.28
timestamp: 2019-06-05T13:18Z
Safari
- Log into Carbon Black Cloud Console
- Open Web Inspector, select Network tab and Response sub-tab
- Go to Endpoints page
- Check Web Inspector for 'sigPackVersionHistory'
- Scroll to the bottom of the list
- The last item is the most recent VDF version, along with timestamp
}, {
"aevdf_version": "8.16.16.28"
"timestamp": "2019-06-05T13:18Z"
}]
sigPackVersionHistory API Call
- Log into Carbon Black Cloud Console
- Correct the URL to point to sigPackVersionHistory
Prod05 Example:
https://defense-prod05.conferdeploy.net/appservices/v5/sigPackVersionHistory
- Scroll to the end of the list to find the most recent VDF Version and Timestamp
Example:
{"aevdf_version": "8.16.21.146", "timestamp": "2019-08-21T16:47Z"}]
Additional Notes
- The information in reflects the most recent versions of the VDF file seen across a given environment, not for a specific organization
- It is also possible to search for a specific VDF version to get the timestamp associated within DevTools/Web Inspector by searching for the VDF version (x.xx.xx.xxx) within 'sigPackVersionHistory'
- The data available via this method is a rolling 90-day history, and is not inclusive of all possible previous versions
Related Content