
Carbon Black Cloud: How to check current dynamic Sensor Management Content Manifests (Windows)


Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

Provide steps to check the current revision of each dynamic detection and prevention feature (management content manifests) and the date and time the content was last updated for a given Sensor.

Resolution

  • via cmd.exe
    1. Run cmd.exe
    2. Check Sensor status, matching on Manifest
      "C:\Program Files\Confer\RepCLI.exe" status | findstr Manifest
    3. Output will show version/revision in use
  • via PowerShell
    1. Run powershell.exe
    2. Check Sensor status, matching on Manifest
      & 'C:\Program Files\Confer\RepCLI.exe' status | Select-String Manifest
    3. Output will show version/revision in use

Additional Notes

  • Example Output - No Errors/Alarms

    EEDR Reporting Revision[108]: Enabled (Manifest)
    Unified Binary Store (UBS) Metadata Reporting Revision[27]: Enabled (Manifest)
    Unified Binary Store (UBS) Upload Revision[31]: Enabled (Manifest)
    Ransomware Detection Revision[6]: Enabled (Manifest)
    Ransomware Prevention Revision[10]: Enabled (Manifest)
    Device Control Reporting Policy Revision[11]: Enabled (Manifest)
    Privilege Escalation Report Revision[4]: Enabled (Manifest)
    Privilege Escalation Prevention Revision[3]: Enabled (Manifest)
    Carbon Black Threat Intelligence Detection Revision[6]: Enabled (Manifest)
    AMSI Threat Intelligence Detection Revision[45]: Enabled (Manifest)
    Credential Theft Detection Revision[16]: Enabled (Manifest)
    Credential Theft Prevention Revision[10]: Enabled (Manifest)
    Carbon Black Threat Intelligence Prevention Revision[6]: Enabled (Manifest)
    AMSI Threat Intelligence Prevention Revision[21]: Enabled (Manifest)
    Disguised Names Detection Revision[15]: Enabled (Manifest)
    IoA rules Revision[3]: Enabled (Manifest)
    Last Manifest Content Update Time[MM/DD/YYYY hh:mm:ss]
  • If checking for Manifest in the 'repcli status' output returns 'ManifestDownloadFailure', the Sensor is or was having issues downloading data from the content management service (content.carbonblack.io):
    ManifestDownloadFailure: <Number> times, MM/DD/YYYY hh:mm:ss
    • If the <Number> in the output does not increase on subsequent checks, the Sensor is not having ongoing problems with downloading content manifests
    • If the <Number> in the output does increase on subsequent checks, the Sensor is having ongoing problems with downloading content manifests and actions should be taken to allow communications to content.carbonblack.io
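
The two-check comparison described above can be scripted. The following PowerShell is an added example, not vendor-supplied code: the function names, the 600-second interval and the constructed sample lines (used only when RepCLI.exe is not present) are assumptions.

```powershell
# Added example, not vendor code. Function names, $IntervalSeconds and the sample lines are assumptions.
$RepCli = 'C:\Program Files\Confer\RepCLI.exe'   # path used in the Resolution steps
$IntervalSeconds = 600                            # assumed wait between the two checks

function Get-ManifestSnapshot {
    param([string[]]$StatusLines)
    $snap = [pscustomobject]@{ Revisions = [ordered]@{}; FailureCount = 0; LastFailure = $null; LastUpdate = $null }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(?<name>.+?) Revision\[(?<rev>\d+)\]:\s*(?<state>\S+)\s+\(Manifest\)') {
            # Feature line, e.g. "Ransomware Prevention Revision[10]: Enabled (Manifest)"
            $snap.Revisions[$Matches['name']] = '{0} ({1})' -f $Matches['rev'], $Matches['state']
        } elseif ($line -match 'ManifestDownloadFailure:\s*(?<n>\d+) times,\s*(?<when>.+?)\s*$') {
            $snap.FailureCount = [int]$Matches['n']
            $snap.LastFailure  = $Matches['when']
        } elseif ($line -match 'Last Manifest Content Update Time\[(?<when>[^\]]*)\]') {
            $snap.LastUpdate = $Matches['when']
        }
    }
    $snap
}

function Test-ManifestDownloadOngoing {
    param($Earlier, $Later)
    # Rule from the notes above: a counter that increases between checks means ongoing failures.
    $Later.FailureCount -gt $Earlier.FailureCount
}

if (Test-Path $RepCli) {
    $first  = Get-ManifestSnapshot (& $RepCli status)
    Start-Sleep -Seconds $IntervalSeconds
    $second = Get-ManifestSnapshot (& $RepCli status)
} else {
    # Constructed sample: revisions copied from the example output, dates and counts invented.
    $sample = @(
        '    EEDR Reporting Revision[108]: Enabled (Manifest)',
        '    Ransomware Prevention Revision[10]: Enabled (Manifest)',
        '    Last Manifest Content Update Time[08/06/2021 09:00:00]'
    )
    $first  = Get-ManifestSnapshot ($sample + '    ManifestDownloadFailure: 2 times, 08/06/2021 09:30:00')
    $second = Get-ManifestSnapshot ($sample + '    ManifestDownloadFailure: 4 times, 08/06/2021 09:45:00')
}

$second.Revisions.GetEnumerator() | ForEach-Object { '{0}: revision {1}' -f $_.Key, $_.Value }
"Last manifest content update: $($second.LastUpdate)"
if (Test-ManifestDownloadOngoing $first $second) {
    Write-Warning "ManifestDownloadFailure rose from $($first.FailureCount) to $($second.FailureCount) (last: $($second.LastFailure)); check access to content.carbonblack.io"
} else {
    "ManifestDownloadFailure did not increase (count: $($second.FailureCount)); no ongoing download problem"
}
```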

Article Information
Creation Date: 08-06-2021