Environment
- EDR Windows Sensor: 6.1.13
- Windows OS: All supported versions
Objective
Generate a Windows endpoint report for diagnostic and troubleshooting purposes.
Resolution
- Download CbDiag.exe.zip
- Open Windows Command Prompt (cmd.exe)
- Run cbdiag.exe with admin permissions
- Press Enter or 0 to select "Take a new diag" option
Additional Notes
CbDiag.exe /?
- The resulting file is generated in the same directory as the cbdiag.exe utility.
- Resulting file name format: <date-time>.diag.gz
- Administrator permissions are required to access system file paths and registry keys.
- Disable CB Tamper Protect Updater if Cb Protection is installed.
- If applicable, locally approve the utility hash within your CB Protection Web UI
MD5: ee1ca8d128cef17d19ede004bc774c29
- Sensor reports under 25 MB can be attached directly to a Carbon Black Technical Support case.
- Files larger than 25 MB should be uploaded to CB Vault.
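The checks described in the steps and notes above can be scripted. The following is an added example, not Carbon Black code: it confirms the prompt is elevated, compares cbdiag.exe against the MD5 listed in this article, and reports whether the newest .diag.gz file is under the 25 MB attachment limit. The folder C:\Temp\CbDiag is a hypothetical extraction path, and the script assumes the published MD5 is the hash of cbdiag.exe itself.

```powershell
# Added example, not vendor code. Assumptions: cbdiag.exe was extracted to $DiagDir,
# and the MD5 published in this article is the hash of cbdiag.exe itself.
param(
    [string]$DiagDir = 'C:\Temp\CbDiag'   # hypothetical extraction folder
)

$ExpectedMd5 = 'ee1ca8d128cef17d19ede004bc774c29'   # value from this article
$AttachLimit = 25MB                                  # attachment limit from this article

# cbdiag.exe needs an elevated prompt to read system file paths and registry keys.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: use "Run as administrator" before running cbdiag.exe.'
}

# Confirm the binary matches the published hash before running or approving it.
$exe = Join-Path $DiagDir 'cbdiag.exe'
if (-not (Test-Path -LiteralPath $exe)) {
    throw "cbdiag.exe not found in $DiagDir"
}
$actualMd5 = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash
if ($actualMd5 -ne $ExpectedMd5) {   # -ne compares strings case-insensitively
    throw "MD5 mismatch for ${exe}: got $actualMd5, expected $ExpectedMd5."
}
Write-Output "MD5 matches the published value: $actualMd5"

# After cbdiag.exe has run, the report sits next to it as <date-time>.diag.gz.
$report = Get-ChildItem -LiteralPath $DiagDir -Filter '*.diag.gz' -File |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $report) {
    Write-Output 'No .diag.gz report found yet; run cbdiag.exe and choose "Take a new diag".'
    return
}

# Decide between direct attachment and CB Vault based on the report size.
$sizeMB = [math]::Round($report.Length / 1MB, 1)
if ($report.Length -lt $AttachLimit) {
    Write-Output "$($report.Name) is $sizeMB MB: attach it directly to the support case."
} else {
    Write-Output "$($report.Name) is $sizeMB MB: upload it to CB Vault."
}
```

Run it once before launching cbdiag.exe to verify the binary, and again afterwards to check the report size.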
Data collected:
- Basic System Information
- Carbon Black product logs
- System event logs
- System Crash dumps
- Cb product registry keys
- System registry keys related to crash dumps
- Cb product binary information
- Running system drivers and processes
- Installed system services, hardware, software