Environment
- Carbon Black Cloud Console
Question
- What are the different hash deletion failure codes written to the Audit Log?
- Example : Failure deleting hash 'xxxx' off of device 'xxxx' at path '\x\xx\xxx.exe'. Reason: SCHEDULED_FOR_DELETION
Answer
Following are the possible failure codes that can be logged in the audit log incase of failure:
UNKNOWN - Reason for delete is unknown
SUCCESS - Delete request succeeded
BLOCKED_BY_OS - Delete request blocked by OS or other security product
FILE_TRUSTED - Sensor has blocked delete due to hash being a trusted system/critical file
FILE_TYPE_UNSUPPORTED - Deleting of this file type is unsupported by the sensor (i.e. doc files on autodelete)
FILE_NOT_FOUND - Unable to find file on sensor
HASH_UNKNOWN - Hash could not be found on device
HASH_CHANGED - Hash of file no longer matches hash in delete request
SCHEDULED_FOR_DELETION - File has been scheduled for deletion by sensor on next reboot
Related Content
