logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Cb Defense: Troubleshooting Performance and Interop Issues with the Sensor

Cb Defense: Troubleshooting Performance and Interop Issues with the Sensor

Version

Cb Defense (formerly Confer) - All

Topic

This document provides information on how to troubleshoot to performance and Interop Issues with the Sensor for Windows and MAC

Steps

If a sensor is installed on a machine and any variety of issues is present, do not uninstall the sensor. Removal of the Sensor de-registers the device and log files are no longer accessible. A performance or interoperability issue may be that a program seems to be taking a long time to open or a program or operation is being delayed or blocked. The best approach when troubleshooting any issues that are directly or indirectly related with the sensor is to enable bypass. Bypass or passive mode or Passthru are synonyms that are used in various places. When a Sensor is in bypass, it runs in the background but does not collect any information or perform any operations.

If an issue occurs where an installation is being blocked, a program seems to be launching or running slowly, or a program does not seem to be behaving properly, the workflow to troubleshoot is:

  1. Log what the user was doing and what time the event occurred. Collect all relevant information about that point in time (i.e. Machine Hostname, software, date and time, etc)
  2. Put the sensor into bypass so the user may continue using the system without any further issues.
  3. Notify Technical Support via a case.
  4. Technical Support will request and collect the log files from the UI for investigation.
  5. Other information may be required during the investigation, but Technical Support will ultimately outline what is required and when the device can resume normal and non-bypassed operation.

To put a machine into Bypass:

  1. From the Enrollment page, click the checkbox in the respective row for that device.
  2. Click Actions - "Enable Bypass"
  3. In the back-end, this request is queued.
  4. When the sensor checks in, the request will be processed and the device will go into bypass.
  5. Verify that the device shows as Bypass-Enabled in the UI in Enrollment

Related solution

Cb Defense: Verify if a Sensor is in Bypass mode on the local workstation

Labels (1)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
carl_hefele
Creation Date:
‎07-21-2016
Views:
2965
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.