Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Local Scan Disabled or Version not yet reported

Carbon Black Cloud: Local Scan Disabled or Version not yet reported

Environment

  • Carbon Black Cloud Windows Sensor: All Supported Versions 
  • Windows:  All Supported Versions

Symptoms

Windows Endpoints Signature Status will display a grey icon with a Local Scan Disabled or Version not yet reported message in the Console.

This is a article attached imageThis is a article attached image

Cause

  • The Endpoint OS is not Windows
  • The "Local Scan" Policy Option "Allow Signature Updates" is "disabled"
  • The "Local Scan" Policy Option "On-Access File Scan Mode" is "disabled"
This is a article attached imageThis is a article attached image

Resolution

  1. Ensure Allow Signature Updates is enabled
  • Enforce -> Policies -> Select Policy -> Local Scan -> Allow Signature Updates
  • The AV signature pack update will complete with time.
       2. Set On-Access File Scan Mode to either Normal or Aggressive. 
       3. If the problem persists, run the command from an elevated command prompt on each endpoint.
c:\program files\confer\repcli.exe localScanner updateSignature

 

Additional Notes

  • If only Allow Signature Updates is enabled, Sensors will continue to download and install updates but will not report them to the Cloud unless the On-Access File Scan Mode option is enabled.
  • Once On-Access File Scan Mode is enabled Sensors will check-in and begin reporting the currently-installed version again.
  • Disabling On-Access File Scan turns off the Local Scanner and it no longer reports Signature Version information to the Console.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-12-2022
Views:
152
Contributors