Knowledge Base

Yes

Environment

Carbon Black Cloud Web Console: All Versions
Carbon Black Cloud Windows Sensor: 3.0.x.x and Higher
Microsoft Windows: All Supported Versions

Symptoms

execfg command run within a Live Response session returns the following error:

c:\users\{UserName}\desktop\> execfg powershell.exe /c "set-executionpolicy unrestricted -force"
Preparing file...
Command must be executed from an existing directory that you have 'write' access to.

Cause

This issue is caused when execfg is leveraged within Live Response to execute applications that do not have stdout or stderr messages

Resolution

1. Leverage exec in situations where there is no stdout or stderr messages

2. Another possible workaround / syntax is to use the -o option (for output file)

execfg -o c:\temp\counters.txt repcli counters

Additional Notes

The below error can safely be ignored as the command executes without issue.

Command must be executed from an existing directory that you have 'write' access to.

The above error message output will be addressed in a future backend release.

Knowledge Base

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Environment

Symptoms

Cause

Resolution

Additional Notes

Carbon Black Cloud

Endpoint Standard

Enterprise EDR

Knowledge Base

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Environment

Symptoms

Cause

Resolution

Additional Notes

Carbon Black Cloud

Endpoint Standard

Enterprise EDR

Thank you for your feedback.

Thank you for your feedback.