Log into the machine with a user account that matches the AD User or Group SID configured at the time of sensor install
Launch a admin Command Prompt
Run Commands:
cd C:\Program Files\Confer
C:\Users\admin_user> cd C:\Program Files\Confer
C:\Program Files\Confer>
Enter the "repcli" command with no options to view the list of available RepCLI command options
C:\Program Files\Confer> repcli
RepCLI is a command line debugging tool that interacts with the CbDefense service
---------------------------------------------------------------------------------
addpolicy <json filename>| Add specified policy to repmgr
addnav2policy <json filename>| Add specified Nav2 policy to repmgr
bypass 1|0| Enables or disables bypass mode
capture | Create diagnostic capture
certfind <publisher>| Searches for files with specified publisher pattern
cloud <request>| Tells sensor to send a cloud request
counters | Print diagnostic counters
debug 1|0| Enabled or disables debug mode
deletepolicies | Delete all policies
deletepolicy <guid>| Delete policy matching guid
deletepolicyindexed <index>| Delete policy with guid matching index in the order displayed by "querypolicyguids" (index starts at 0)
deviceid | Query sensor device id
displayevents -count [limit events displayed to number] -stream [CbEvent{Bin|Json|PrettyJson|PscProtobuf|PscJson|PscPrettyJson}] -norule [GUID of rule to exclude from output] -initiator [filename of process to watch] -target [file|process|registry|modload|network]| Display PSC-R events reported from repmgr. All arguments are non positional and optional, no arguments will display canonical JSON events until keyboard interrupt
fileaccess <access_level> [full_path]| Sets file-access to specified access level for file(s) being tracked by RepMgr.
find <filename|hash>| Searches for <filename> or <hash> in the file cache
forcebatch | Forces an event batch to be sent even if event quota has not been met
getbatchconfig | Get current configuration for PSCR event batch archiver
getruleslog | Display the contents of Nav2Rules.GetLogs()
kerneltrace <level> [flags]| Enables kernel logging at specified level
lastLiveQueryTime [{relativeTimeBeforeNow}{s|m|h|d}|{TimestampInSeconds}]| Get (if no arg) or set last LiveQuery time
LqIoFiles 1|0| 1- Keep around the LiveQuery InOut Files. 0- (regular functionality) delete the InOut Files
NotifySvcStable | Notify driver the service is stable
OnDemandScan [directory]| Starts a background scan
process <pid>| Query process information
queryrules | Display all rules
queryruleguids | Display GUIDs for all rules
querypolicyguids | Display GUIDs for all policies
resetcounters | Reset diagnostic counters
setbatchconfig -ti [time interval max (s)] -as [archive size max (kB)] -tas [total archives size max (kB)] -hu [archiver heap usage max (kB)]| All arguments are non positional and optional, no arguments will reset archiver config to defaults.
status | Display Sensor Status
suppressrules 1|0 [noreload]| Enable/disable rule based event suppression. Will reload rules from datafile4 unless noreload is set
UpdateAvSignature | Trigger an AV signature update
UpdateConfig | Causes RepMgr to read updated values from cfg.ini
version | Display product version
---------------------------------------------------------------------------------
Additional Notes
Authentication is not required for all commands
Active Directory-based SID authentication provides full access to RepCLI commands
