Environment

• CB Defense PSC Web Console: All Versions
• CB Defense PSC Sensor: All Versions
• Microsoft Windows: All Versions
• Apple MacOS: All Versions

Objective

Resolution

Endpoints Page

1. Search for the device where Bypass was Enabled. Status can be changed to "All" to widen the search scope or "Bypass" to narrows the search scope.
2. Under Device Last Check-In there will be one of two bypass descriptions:
   • Sensor Bypass (User Action) - An end user placed the sensor in bypass from the Sensor UI, if this is enabled. See https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Enable-Disable-Bypass-from-the... and 
   • Sensor Bypass (Admin Action) - An administrator placed the sensor in bypass from the CB Defense PSC Web Console. See https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Enable-Disable-Bypass-from-the...

Inbox Page

• Enable Bypass

00:00:00 am\pm <MM> <DD>, <YY> <device hostname>\<user> bypass Sent to Sensor <admin username> On 
00:00:00 am\pm <MM> <DD>, <YY> <device hostname>\<user> bypass triggered <admin username> On

• Disable Bypass 

00:00:00 am\pm <MM> <DD>, <YY> <device hostname>\<user> bypass Sent to Sensor <admin username> Off 
00:00:00 am\pm <MM> <DD>, <YY> <device hostname>\<user> bypass triggered <admin username> Off

Additional Notes

•  Sensor is in Active mode
•  Sensor is in Bypass mode
• Sensor is in Quarantine mode

Related Content