Environment
- EDR Sensors: 7.2.0 and Higher
- Microsoft Windows: All Supported Versions
- Microsoft .NET 4.5 and Higher
Objective
How to collect diagnostics using the sensordiag.exe tool for sensors in a sensor group with Tamper Protection enabled.
Resolution
There are two methods to do this:
- Via CB Live Response:
  - Establish a CB Live Response session and enter (replace <username> with your username):
      execfg cmd.exe /c sensordiag -type CDE -output c:\users\<username>\desktop\
  - Collect the zip file from c:\users\<username>\desktop.
- Locally on the endpoint:
  - Open an elevated command prompt.
  - Copy sensordiag.exe to a writable and executable path (replace <username> with your username):
      copy c:\windows\carbonblack\sensordiag.exe c:\users\<username>\desktop\
  - Execute sensordiag.exe:
      c:\users\<username>\desktop\sensordiag.exe -type CDE -output c:\users\<username>\desktop\
  - Collect the zip file from c:\users\<username>\desktop.