Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 2.0.x.x and Higher
- Microsoft Windows: All Supported Versions
Symptoms
- Sig column on Endpoints page shows Outdated (red triangle) or Not yet reported (grey square)
- Sensor Policy has On Access File Scan Mode set to Disabled
- Sensor Policy has Allow Signature Updates set to Enabled
Cause
Disabling On Access File Scan turns off the Local Scanner and it no longer reports Signature Version information to the Console
Resolution
Enable On Access File Scan Mode on Sensor Policy
Additional Notes
- Having On Access File Scan Mode disabled also disables the Local Scanner, in that it will not be used by machines in Polices configured this way
- If Allow Signature Updates is Enabled, Sensors will continue downloading and installing updates but will not report that to the Cloud
- Once On Access File Scan Mode is enabled Sensors will check-in and begin reporting the currently-installed version again
Related Content