Endpoint Standard: How to verify AV Signatures are updating

Environment

  • Carbon Black Cloud (formerly PSC) Console: All Versions
    • Endpoint Standard (formerly CB Defense) sensor: 2.0 and higher
  • Microsoft Windows: All Supported Versions
  • Local Scan and Signature Updates enabled

Objective

Provide steps to verify that Local Scanner Virus Definition files (VDF) are updating on the Endpoint Standard sensor.

Resolution

Via Endpoints page

  1. Go to the Endpoints page in the CBC Console
  2. Search for the desired Device Name
  3. Expand the Device Details
  4. Check 'Scan Engine' field for VDF version; Example: 
    Scan Engine: 4.11.0.307-ave.8.3.54.68:avpack.8.5.0.12:vdf.8.16.19.110:apc.2.10.0.110
  5. Check the published date for the VDF version listed: https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-To-Determine-Latest-VDF-Ve...
NOTE: If signatures are up to date, the "SIG" column on the Endpoint page will display a green circle for the endpoint.

Live Response (LR) with RepCLI enabled

  1. Go to the Endpoints page
  2. Search for the desired Device Name
  3. Click on the Live Response icon ('>_') to initiate LR session
  4. Change directory to the Confer folder
    cd C:\Program Files\Confer
  5. Run command to get current Sensor status
    repcli status
  6. Check 'Local Scanner' line for VDF version; Example: 
    Local Scanner Version[4.11.0.307 - ave.8.3.54.68:avpack.8.5.0.12:vdf.8.16.19.110:apc.2.10.0.110]
  7. Check the published date for the VDF version listed: https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-To-Determine-Latest-VDF-Ve...

Locally on endpoint using cmd.exe

  1. Connect to the desired device
  2. Launch cmd.exe
  3. Run the following commands:
    In 3.5 and earlier sensor versions:
    type "c:\Program Files\Confer\scanner\upd.log" | find "\aevdf.dat" | find "!="
    In 3.6 and later sensor versions:
    type "C:\ProgramData\CarbonBlack\Logs\upd.log" | find "\aevdf.dat" | find "!="
  4. Copy the highest VDF version (last entry returned); Example:
    Callback: C:\Program Files\Confer\scanner\...\aevdf.dat 8.16.19.108 != 8.16.19.110
  5. Check the published date for the VDF version listed: https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-To-Determine-Latest-VDF-Ve...
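
The local check above can be scripted. The following PowerShell is an added example, not part of the original article or Carbon Black tooling: it reads upd.log from whichever of the two documented paths exists, extracts the aevdf.dat version changes, and compares the newest one with the VDF component of a 'Local Scanner' status line. The function names and the sample strings (built from the article's examples) are assumptions for illustration.

```powershell
# Added example, not Carbon Black code. Log paths and line formats are the ones
# shown in this article; the sample strings below are constructed from its examples.

function Get-VdfVersionFromText {
    # Pulls the "vdf.<a.b.c.d>" component out of a Scan Engine field or the
    # 'Local Scanner' line of 'repcli status'.
    param([string]$Text)
    if ($Text -match 'vdf\.(\d+(?:\.\d+){3})') { return [version]$Matches[1] }
    return $null
}

function Get-VdfUpdateFromLog {
    # Returns one object per aevdf.dat version change recorded in upd.log lines.
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match '\\aevdf\.dat\s+(\d+(?:\.\d+){3})\s+!=\s+(\d+(?:\.\d+){3})') {
            [pscustomobject]@{ From = [version]$Matches[1]; To = [version]$Matches[2] }
        }
    }
}

# upd.log location: 3.6 and later first, then 3.5 and earlier.
$logPath = 'C:\ProgramData\CarbonBlack\Logs\upd.log',
           'C:\Program Files\Confer\scanner\upd.log' |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

if ($logPath) {
    $lines = Get-Content -LiteralPath $logPath
} else {
    # Constructed sample so the script also runs away from an endpoint.
    $lines = @(
        'Callback: C:\Program Files\Confer\scanner\...\aevdf.dat 8.16.19.106 != 8.16.19.108',
        'Callback: C:\Program Files\Confer\scanner\...\aevdf.dat 8.16.19.108 != 8.16.19.110'
    )
}

# Sort as [version] so 8.16.19.110 ranks above 8.16.19.20 (string sort would not).
$latest = Get-VdfUpdateFromLog -Line $lines | Sort-Object To | Select-Object -Last 1

# Constructed status line; on an endpoint, use the 'Local Scanner' line from 'repcli status'.
$status = 'Local Scanner Version[4.11.0.307 - ave.8.3.54.68:avpack.8.5.0.12:vdf.8.16.19.110:apc.2.10.0.110]'

[pscustomobject]@{
    LogSource      = if ($logPath) { $logPath } else { 'constructed sample' }
    LatestVdfInLog = $latest.To
    VdfFromStatus  = Get-VdfVersionFromText -Text $status
    Match          = ($latest.To -eq (Get-VdfVersionFromText -Text $status))
}
```

The script only reports which VDF version the endpoint holds; whether that version is current still has to be checked against the published date in the linked article.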

Article Information
Creation Date: 09-08-2020