IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: How to Collect Windows Sensor Diagnostic Logs (6.1.13)

EDR: How to Collect Windows Sensor Diagnostic Logs (6.1.13)


  • EDR Windows Sensor: 6.1.13
  • Windows OS: All supported versions


Generate a Windows endpoint report for diagnostic and troubleshooting purposes.


  1. Download
  2. Open Windows Command Prompt (cmd.exe)
  3. Run cbdiag.exe with admin permissions
  4. Press Enter or 0 to select "Take a new diag" option
This is a article attached imageThis is a article attached image
Sample Output:
This is a article attached imageThis is a article attached image

Additional Notes

  • More utility options:
CbDiag.exe /?
  • The resulting file is generated in the same directory as the cbdiag.exe utility.
  • Resulting file name format:  <date-time>.diag.gz
  • Administrator permissions require access to system file paths and registry keys.
  • Disable CB Tamper Protect Updater if Cb Protection is installed. 
  • If applicable, locally approve the utility hash within your CB Protection Web UI
MD5: ee1ca8d128cef17d19ede004bc774c29
  • Sensor reports under 25 MB can be attached directly to a Carbon Black Technical Support case. 
  • Files larger than 25 MB should be uploaded to CB Vault.
Data collected:
  • Basic System Information
  • Carbon Black product logs
  • System event logs
  • System Crash dumps
  • Cb product registry keys 
  • System registry keys related to crash dumps
  • Cb product binary information
  • Running system drivers and processes
  • Installed system services, hardware, software

Related Content

Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Creation Date: