Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to determine if is blocked?

Carbon Black Cloud: How to determine if is blocked?


  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions


How to determine if is blocked?


If is blocked, the following symptoms will be observed:
  • Enterprise EDR (was CB ThreatHunter) - Observe that sensor has not uploaded any data since upgrading to 3.6
  • Device Control - Inability to block devices
  • Checking RepCLI status output will display the following alarm: 
    C:\>"C:\Program Files\Confer\RepCLI.exe" status | findstr "ManifestDownloadFailure"
    ManifestDownloadFailure: x times LastTrigger[mm/dd/yyyy hh:mm:ss]

Additional Notes

  • In sensor version 3.6.x.x and above, Enterprise EDR, AMSI Prevention, and Unified Binary Store must be able to access in order to function correctly
  • If a software or hardware firewall exists between the device and the internet, please ensure that outbound connections are allowed to and inbound connections are allowed from
  • Device Control is available with Sensor 3.6.x.x and higher and Carbon Black Cloud Console November '20 Release (0.60) and higher

Related Content

Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Creation Date: