logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Review Blocking Events in Windows Event Viewer (3.0 and above)

Carbon Black Cloud: How to Review Blocking Events in Windows Event Viewer (3.0 and above)

Environment

  • Carbon Black Cloud Windows Sensor: 3.0 and above
  • Windows OS: All Supported Versions

Objective

Introuduce how to check CBC blocking events in Windows Event Viewer

Resolution

  1. Open Event Viewer
  2. Go to Windows Logs -> Application
  3. Search for "CbDefense" or "Carbon Black", and you will see blocking events from CBC.
OR
  1. Open Event Viewer
  2. Go to Windows Logs -> Application
  3. Under "Actions" menu select "Filter Current Log..."
  4. In the Event Sources drop down select "CbDefense" to view only Cb Defense Events

Additional Notes

Search "CbDefense" in Event View can also give you CBC related events like service start, service stop, background scan, etc.

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎10-04-2020
Views:
2585
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.