Environment
- Carbon Black Cloud Sensor: Version 6x and newer
- Microsoft Windows: All versions
Objective
Procedure to stop a manually triggered onDemandScan malware scan. This can be used in situations where an extremely large number of files is being scanned and the system is experiencing resource issues.
Resolution
To stop a previously started onDemandScan that was launched from the command line, restart the agent service. You will need to be a user that has AuthenticatedRepCLI status to do this.
- Navigate to c:\program files\confer
- Run "repcli bypass 1"
- Run "repcli stopCbServices"
- Run "sc start cbdefense"
- Run "repcli status" and confirm that the onDemandScan is no longer running.
Rebooting the operating system will also accomplish the goal of stopping the onDemandScan.
Additional Notes
There are two types of manual scans that can be initiated from the RepCLI command line tool.
- onDemandScan <path> - This scans directories (or all fixed storage if no path is given). This can be stopped using the above procedure.
- localScanner <fullFilePath> - This scans a single file only. This cannot be stopped using the above procedure.
There is also a background scan, which occurs automatically at sensor install. This cannot be stopped using the above procedure. This scan will continue until complete, but you can pause it via the console in the Inventory Page, by selecting the sensor and using the Take Action menu.
onDemandScans always run in an "expedited" state (versus Standard). Expedited scans run 5x faster than a Standard scan, and as such will have a larger impact on system performance.