Sign In
Help
Employee Login
Knowledge Base
Access official resources from Carbon Black experts
Advanced Search
Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments |
Download Now
Carbon Black Community
:
Resources
:
Knowledge Base
:
Cb LiveOps: Querying User Account Certificates Ret...
Cb LiveOps: Querying User Account Certificates Returns No Results
Options
Article History
Subscribe to RSS Feed
Bookmark
Subscribe
Printer Friendly Page
Report Inappropriate Content
Cb LiveOps: Querying User Account Certificates Returns No Results
Environment
Cb Defense PSC Console: All Versions
Cb Defense Sensor: Version 3.3 and Higher
Microsoft Windows: All Supported Versions
Cb LiveOps: LiveQuery page
Symptoms
Querying the certificates table in LiveQuery returns items in the System/Local Computer store, not from the user account or personal store
Running same query using osqueryi on an endpoint returns all certificates from user and local computer stores
Cause
Cb Defense Sensor runs queries in local system/local machine context only
Resolution
Query needs to be run in the user context to get results that include personal certificates
Run the query directly from osqueryi on the endpoint to return results from the user/personal and the local/machine account store
Additional Notes
LiveQuery only runs in the local system context, no user impersonation available
Results for other contexts (such as user) will not be returned
Related Content
Cb LiveQuery : How to Query Endpoints Using Query Builder
Cb LiveQuery : How to Free-Form Query Endpoints
Using osqueryi
Labels
(2)
Labels:
Audit and Remediation
Carbon Black Cloud
Tags
(3)
Tags:
cb liveops
cb predictive security cloud
issue resolution
Was this article helpful?
Yes
No
No ratings
Article Information
Author:
CB_Support
Creation Date:
12-06-2018
Views:
354
Contributors
esullivan
Cookie Settings
Name
Valid.
Please fill out this field.
Email Address
InValid.
Please fill out valid email.
Uex Username
Company Name
Valid.
Please fill out this field.
Issue Type
Registration / Login / Password Issues
Can't Access Group
Add/Remove User
Group Admin Help
Partner
Uninstall Keys
Other
Please do not send sensitive data through this form
Description
Valid.
Please fill out this field.
Description length should be less 30K