cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

EDR: How to Collect Windows Sensor Diagnostics Logs (6.2.1 and below)

EDR: How to Collect Windows Sensor Diagnostics Logs (6.2.1 and below)

Environment

  • EDR: All versions (Formerly CB Response)
  • EDR Windows Sensor: 6.2.1 and Below
  • Windows OS: All supported versions

Objective

Generate a Windows endpoint report for diagnostic and troubleshooting purposes.

Resolution

  1. Download CbDiag.exe.zip
  2. Open Windows Command Prompt (cmd.exe)
  3. Run cbdiag.exe with admin permissions
  4. Press Enter or 0 to select "Take a new diag" option
CbDiag.exe prompt
Sample Output:
CbDiag.exe prompt and output

Additional Notes

  • More utility options:
CbDiag.exe /?
  • The resulting file is generated in the same directory as the cbdiag.exe utility.
  • Resulting file name format:  <date-time>.diag.gz
  • Administrator permissions require access to system file paths and registry keys.
  • Disable CB Tamper Protect Updater if Cb Protection is installed. 
  • If applicable, locally approve the utility hash within your CB Protection Web UI
MD5: ee1ca8d128cef17d19ede004bc774c29
  • Sensor reports under 25 MB can be attached directly to a Carbon Black Technical Support case. 
  • Files larger than 25 MB should be uploaded to CB Vault.
Data collected:
  • Basic System Information
  • Carbon Black product logs
  • System event logs
  • System Crash dumps
  • Cb product registry keys 
  • System registry keys related to crash dumps
  • Cb product binary information
  • Running system drivers and processes
  • Installed system services, hardware, software

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎02-22-2019
Views:
4389