Environment
- Cb Response Server: All Versions
- Cb Response Sensor: All Versions
Question
What process(es) or executables are used to run Cb Live Response by the sensor?
Answer
- The process used by the sensor to run a Live Response session is C:/Windows/CarbonBlack/cb.exe
Additional Notes
- Communication from the sensor still comes through the sensor port (443) via nginx service and then gets forwarded to the LiveResponsePort where the Live Response service is running. The CB Response sensor service process running on the endpoint is responsible for the Live Response activity on the endpoint.
- No .dlls are used to run Cb Live Response on the endpoint
- Live Repsonse communicates over port TCP/443
Related Content