EDR: How to Collect Windows Sensor Diagnostic Logs (6.1.13)

Environment

  • EDR Windows Sensor: 6.1.13
  • Windows OS: All supported versions

Objective

Generate a Windows endpoint report for diagnostic and troubleshooting purposes.

Resolution

  1. Download CbDiag.exe.zip
  2. Open Windows Command Prompt (cmd.exe)
  3. Run cbdiag.exe with admin permissions
  4. Press Enter or 0 to select "Take a new diag" option
Sample output: shown as screenshots in the original article.

Additional Notes

  • More utility options: CbDiag.exe /?
  • The resulting file is generated in the same directory as the cbdiag.exe utility.
  • Resulting file name format:  <date-time>.diag.gz
  • Administrator permissions are required because the utility reads system file paths and registry keys.
  • Disable CB Tamper Protect Updater if Cb Protection is installed.
  • If applicable, locally approve the utility hash (MD5: ee1ca8d128cef17d19ede004bc774c29) within your CB Protection Web UI.
  • Sensor reports under 25 MB can be attached directly to a Carbon Black Technical Support case.
  • Files larger than 25 MB should be uploaded to CB Vault.
Data collected:
  • Basic System Information
  • Carbon Black product logs
  • System event logs
  • System Crash dumps
  • Cb product registry keys
  • System registry keys related to crash dumps
  • Cb product binary information
  • Running system drivers and processes
  • Installed system services, hardware, software
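The following PowerShell script is an added example, not part of the original article or a Carbon Black tool: it wraps the procedure above with the checks a practitioner would want before and after running CbDiag.exe. It assumes the utility has been unzipped to $ToolDir (a placeholder path) and that the script itself is started from an elevated prompt; the MD5 and the 25 MB limit are the values stated in this article.

```powershell
# Added example (not Carbon Black's code): pre-flight checks and post-run handling
# for CbDiag.exe. $ToolDir is an assumed location for the unzipped utility.
param(
    [string]$ToolDir = 'C:\Temp\CbDiag'   # assumption: where CbDiag.exe.zip was extracted
)

$ExpectedMd5 = 'ee1ca8d128cef17d19ede004bc774c29'   # MD5 published in this article
$AttachLimit = 25MB                                  # support-case attachment limit from this article
$Exe         = Join-Path $ToolDir 'CbDiag.exe'

# 1. The utility reads system file paths and registry keys, so it must run elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) prompt.'
}

# 2. Confirm the downloaded binary matches the published hash before executing it.
if (-not (Test-Path $Exe)) { throw "CbDiag.exe not found in $ToolDir" }
$actualMd5 = (Get-FileHash -Path $Exe -Algorithm MD5).Hash.ToLower()
if ($actualMd5 -ne $ExpectedMd5) {
    throw "Hash mismatch for CbDiag.exe: expected $ExpectedMd5, got $actualMd5"
}

# 3. Run the utility interactively (press Enter or 0 for "Take a new diag") and wait for it to exit.
$started = Get-Date
Start-Process -FilePath $Exe -WorkingDirectory $ToolDir -Wait -NoNewWindow

# 4. The report lands beside the utility as <date-time>.diag.gz; pick the one created by this run.
$report = Get-ChildItem -Path $ToolDir -Filter '*.diag.gz' |
          Where-Object { $_.CreationTime -ge $started } |
          Sort-Object CreationTime -Descending |
          Select-Object -First 1
if (-not $report) { throw 'No new .diag.gz report was produced.' }

# 5. Decide delivery: under 25 MB attaches to the support case, larger goes to CB Vault.
$sizeMB = [math]::Round($report.Length / 1MB, 2)
if ($report.Length -lt $AttachLimit) {
    Write-Host "$($report.Name) ($sizeMB MB): attach directly to the support case."
} else {
    Write-Host "$($report.Name) ($sizeMB MB): exceeds 25 MB, upload to CB Vault instead."
}
```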

Creation Date: 08-27-2020