Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Where Does the Sensor Installation Process Store Logs on a Mac?

Carbon Black Cloud: Where Does the Sensor Installation Process Store Logs on a Mac?

Environment

  • Carbon Black Cloud Sensor: 3.0.x.x and Higher
  • Apple macOS: All Supported Versions

Question

Where does the sensor installation process store logs on a Mac?

Answer

MacOS Sensor installation logs are stored in the following locations depending on installation status.

Install succeeds:
3.0.x.x - 3.4.x.x
  • /Applications/Confer.app/confer-preinstall.xxxxxxxx.log
  • /Applications/Confer.app/confer-postinstall.xxxxxxxx.log
3.5.x.x and Higher
  • /Applications/Confer.app/cbcloud-preinstall-<timestamp>.log
  • /Applications/Confer.app/cbcloud-postinstall-<timestamp>.log
  • /Library/Application Support/com.vmware.carbonblack.cloud/Logs if Big Sur
Install fails:
 
3.0.x.x - 3.4.x.x
  • /tmp/confer-preinstall.xxxxxxxx.log
  • /tmp/confer-postinstall.xxxxxxxx.log (may not be present)
3.5.x.x and Higher
  • /tmp/cbcloud-preinstall-<timestamp>.log
  • /tmp/cbcloud-postinstall-<timestamp>.log (may not be present)

Additional Notes

  • The /tmp directory is a hidden directory
  • The ability to view hidden files and folders can be toggled with the following keyboard shortcut beginning with macOS 10.13
Cmd+Shift+Period
  • The /tmp directory is a symbolic link to the hidden /private/var/tmp directory
  • Hidden directories can also be accessed with Finder by selecting Go > Go to Folder and entering the absolute file path
  • The uninstallation of the Cb Defense Sensor will also write an uninstall log to the /tmp location

Related Content


Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Author:
Creation Date:
‎12-14-2018
Views:
6255
Contributors