Environment

• Carbon Black Cloud Console: All Versions
  • Endpoint Standard (was CB Defense)
• Carbon Black Cloud Sensor: 2.0.x.x and Higher
• Microsoft Windows: All Supported Versions

Objective

How to set up the Local Scan feature of Cb Defense

Resolution

• Disabled - Turns the local AV Scan off for machines in the selected policy. If your organization uses a different Antivirus engine, this may be the best option for your organization.
• Normal - Scans any new files when they execute for the first time. Old files that already existed on the machine before the sensor was installed will not be scanned. This is the default setting.
• Aggressive - Scans all files when they execute for the first time.

Additional Notes

• Local Scan Settings are not supported by the Linux or macOS Sensor (any version) or Windows Sensor versions prior to 2.0.x.x
• Files will be assigned a reputation based on the scan outcome. If the scan identifies a malicious file, it will be flagged.
• Other configuration options within the "Local Scan Settings" tab are related to downloading the latest virus definitions. See Cb Defense: How to Download the AV Signature Pack and Configure Updates for Local Scan

Related Content

Cb Defense: How to Download the AV Signature Pack and Configure Updates for Local Scan
Cb Defense: Best Practices for Deploying Windows Sensor Versions 2.0.1.x+
Cb Defense: How To Set Up A Local Mirror for AV Signature Updates
Cb Defense: Verify the Latest Local Scanner Signature Version