Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Sig column out of date or not reported when On Access File Scan Mode is Disabled

Carbon Black Cloud: Sig column out of date or not reported when On Access File Scan Mode is Disabled

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 2.0.x.x and Higher
  • Microsoft Windows: All Supported Versions

Symptoms

  • Sig column on Endpoints page shows Outdated (red triangle) or Not yet reported (grey square)
  • Sensor Policy has On Access File Scan Mode set to Disabled
  • Sensor Policy has Allow Signature Updates set to Enabled

Cause

Disabling On Access File Scan turns off the Local Scanner and it no longer reports Signature Version information to the Console

Resolution

Enable On Access File Scan Mode on Sensor Policy

Additional Notes

  • Having On Access File Scan Mode disabled also disables the Local Scanner, in that it will not be used by machines in Polices configured this way
  • If Allow Signature Updates is Enabled, Sensors will continue downloading and installing updates but will not report that to the Cloud
  • Once On Access File Scan Mode is enabled Sensors will check-in and begin reporting the currently-installed version again

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎02-16-2021
Views:
2292
Contributors