Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Microsoft Windows: All Versions
- Apple MacOS: All Versions
Objective
How to verify Bypass Mode from the Carbon Black Cloud Console
Resolution
Endpoints Page
In order for Sensor Bypass actions to take effect, the sensor must check-in to the Carbon Black Cloud backend. Typically this occurs every 5-10 minutes.- Search for the device where Bypass was Enabled. Status can be changed to "All" to widen the search scope or "Bypass" to narrows the search scope.
- Under Device Last Check-In there will be one of two bypass descriptions:
- Sensor Bypass (User Action) - An end user placed the sensor in bypass from the Sensor UI, if this is enabled. See Carbon Black Cloud: How to Enable\Disable Bypass from the Sensor UI and
- Sensor Bypass (Admin Action) - An administrator placed the sensor in bypass from the CB Defense PSC Web Console. See https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Enable-Disable-Bypass-from-the...
Inbox Page
Triggered: Admin requested Bypass via Console Sent to Sensor: Sensor checked into Console, received Bypass hint
- Bypass Enabled
REQUEST TIME
DEVICE SUBTYPE STATUS REQUESTED BY ACTION Date/Time {InstalledBy} / {DeviceName} Bypass Triggered {AdminEmail} On Date/Time {InstalledBy} / {DeviceName} Bypass Sent to Sensor {AdminEmail} On
- Bypass Disabled
REQUEST TIME
DEVICE SUBTYPE STATUS REQUESTED BY ACTION Date/Time {InstalledBy} / {DeviceName} Bypass Triggered {AdminEmail} Off Date/Time {InstalledBy} / {DeviceName} Bypass Sent to Sensor {AdminEmail} Off
Additional Notes
Sensor UI Taskbar Icon Meanings
The Sensor Bypass (Admin Action) status is currently used as the default reason if there is a driver failure as well. So this status does not always mean that an Admin initiated the bypass. There is an enhancement request to enable additional bypass reasons here.
| Pre 3.5 | Post 3.5 | Sensor Mode |
 |  | Active |
 |  | Bypass |
 |  | Quarantine |
Related Content
Carbon Black Cloud: How to Enable\Disable Bypass from the Sensor UI
Carbon Black Cloud: How to Enable\Disable Bypass from the Web Console?
Add Additional Sensor Bypass Reasons To CB Defense PSC Dashboard
Carbon Black Cloud: How to Enable\Disable Bypass from the Web Console?
Add Additional Sensor Bypass Reasons To CB Defense PSC Dashboard
Thank you for your feedback.
Your feedback has been submitted and will be reviewed.