Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

CB Defense Sensor: 2.0.x.x and Higher
Microsoft Windows: All Supported Versions

Objective

Explain the steps to collect the scanner folder for review (C:\Program Files\Confer\scanner)

Resolution

Place the sensor into Bypass
Run `net stop cbdefense` from an elevated command prompt
Zip the contents of the "C:\Program Files\Confer\scanner" folder
Delete the scanhost.log file
Run `net start cbdefense` from an elevated command prompt
Bring the sensor out of Bypass

Additional Notes

In most circumstances the entire contents of the Confer folder will be retrieved when pulling Sensor logs
The above steps should only be required when the resulting logs do not include the scanner folder

Related Content

Carbon Black Cloud: How To Collect Sensor Logs Locally (Windows)

Article Information

Author:

Creation Date:

‎02-10-2019

Views:

1637

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.