Environment
- CB Defense Sensor: 2.0.x.x and Higher
- Microsoft Windows: All Supported Versions
Objective
Explain the steps to collect the scanner folder for review (C:\Program Files\Confer\scanner)
Resolution
- Place the sensor into Bypass
- Run `net stop cbdefense` from an elevated command prompt
- Zip the contents of the "C:\Program Files\Confer\scanner" folder
- Delete the scanhost.log file
- Run `net start cbdefense` from an elevated command prompt
- Bring the sensor out of Bypass
Additional Notes
- In most circumstances the entire contents of the Confer folder will be retrieved when pulling Sensor logs
- The above steps should only be required when the resulting logs do not include the scanner folder
Related Content