Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 2.7.0.x and Higher
- Endpoint Standard (was CB Defense)
- Enterprise EDR (was CB ThreatHunter)
- Linux: All Supported Versions (with noted support for the above two products)
Symptoms
- Attempts to enable Bypass mode fail
- No Observation Event or Process data shown on Investigate page
- Only Live Response function works
- No /var/opt/carbonblack/psc/blades directory exists on endpoint OR /var/opt/carbonblack/psc/blades only has /40E797FD-4322-4D33-8E8C-EF697F4C2323 subfolder (only Audit & Remediation is installed)
- No /var/opt/carbonblack/psc/log/cbagentd-install.log exists on endpoint OR contains message ending with "agent will not run"
Cause
Only dpkg or rpm was installed, either manually or via software provisioning tool ("dpkg -i", "rpm -i"), without installing blades for remaining functionality
Resolution
Follow the instructions in the
Sensor Installation Guide to run either install.sh or bladesUnpack.sh to finish installing blades and enable all Sensor functionality
Additional Notes
- When only the dpkg or rpm install occurs the Sensor only has Live Response functionality
- Sensor Installation Guide makes it clear that install.sh or bladesUnpack.sh MUST be run after intial dpkg/rpm install
Related Content