logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: How to check current dynamic Sensor Management Content Manifests (Windows)

Carbon Black Cloud: How to check current dynamic Sensor Management Content Manifests (Windows)

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

Provide steps to check on the current revision of dynamic detection and prevention features (management content manifests) and the last date and time it was updated for a given Sensor.

Resolution

  • via cmd.exe
    1. Run cmd.exe
    2. Check Sensor status, matching on Manifest 
      "C:\Program Files\Confer\RepCLI.exe" status | findstr Manifest
    3. Output will show version/revision in use
  • via PowerShell
    1. Run powershell.exe
    2. Check Sensor status, matching on Manifest 
      & 'C:\Program Files\Confer\RepCLI.exe' status | Select-String Manifest
    3. Output will show version/revision in use

Additional Notes

  • Example Output - No Errors/Alarms

    EEDR Reporting Revision[108]: Enabled (Manifest)
     Unified Binary Store (UBS) Metadata Reporting Revision[27]: Enabled (Manifest)
     Unified Binary Store (UBS) Upload Revision[31]: Enabled (Manifest)
     Ransomware Detection Revision[6]: Enabled (Manifest)
     Ransomware Prevention Revision[10]: Enabled (Manifest)
     Device Control Reporting Policy Revision[11]: Enabled (Manifest)
     Privilege Escalation Report Revision[4]: Enabled (Manifest)
     Privilege Escalation Prevention Revision[3]: Enabled (Manifest)
     Carbon Black Threat Intelligence Detection Revision[6]: Enabled (Manifest)
     AMSI Threat Intelligence Detection Revision[45]: Enabled (Manifest)
     Credential Theft Detection Revision[16]: Enabled (Manifest)
     Credential Theft Prevention Revision[10]: Enabled (Manifest)
     Carbon Black Threat Intelligence Prevention Revision[6]: Enabled (Manifest)
     AMSI Threat Intelligence Prevention Revision[21]: Enabled (Manifest)
     Disguised Names Detection Revision[15]: Enabled (Manifest)
     IoA rules Revision[3]: Enabled (Manifest)
   Last Manifest Content Update Time[MM/DD/YYYY hh:mm:ss]
  • If checking for Manifest in 'repcli status' output returns 'ManifestDownloadFailure' the Sensor is or was having issues downloading data from the content management service (content.carbonblack.io) 
    ManifestDownloadFailure: <Number> times, MM/DD/YYYY hh:mm:ss
    • If the <Number> in the output does not increase on subsequent checks, the Sensor is not having ongoing problems with downloading content manifests
    • If the <Number> in the output does increase on subsequent checks, the Sensor is having ongoing problems with downloading content manifests and actions should be taken to allow communications to content.carbonblack.io

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎08-06-2021
Views:
5185
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.