Environment
- Endpoint Standard Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
How to clean up Scanhost.log and Scanhost.log.tmp files in situations where they're larger than they're supposed to be.
Resolution
Remotely:
- Clone the Policy
- Edit the Local Scan tab, setting the Scanner Config option below:
On-Access File Scanning Mode = Disabled
- Move effected device to the new policy, and wait for it to receive the policy changes
- Place the device temporarily into Bypass Mode, and wait for the device to receive this change
- Launch GoLive
- Navigate to the following location:
C:\ProgramData\CarbonBlack\Logs
- Delete Scanhost.log and ScanHost.log.tmp
- Disable Bypass Mode
- Move device back to original policy
Locally:
- Place effected device into Bypass mode
- Stop the services via repcli
- Zip the file:
C:\ProgramData\CarbonBlack\Logs\scanhost.log
- Delete the file:
C:\ProgramData\CarbonBlack\Logs\scanhost.log.tmp
- Run the following to start services
net start cbdefense
- Bring the device out of Bypass mode
Related Content
