Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
How to completely stop/start the Carbon Black Cloud Sensor for testing purposes.
Resolution
Disable Sensor:
- Log into the machine with a user account that matches the AD User or Group SID configured for RepCLI authentication.
- Launch a Command Prompt.
- Change directory to C:\Program Files\Confer.
cd C:\Program Files\Confer
- Bypass must be enabled on the Sensor before services can be stopped.
repcli bypass 1
Sensor is in bypass mode
- Stop Sensor services.
repcli stopcbservices
Successfully sent command to stop the service via RepUtilStopService
Enable Sensor:
- From an administrative Command Prompt, execute the following commands.
net start cbdefense
The CB Defense service was started successfully.
- Change directory to C:\Program Files\Confer.
cd C:\Program Files\Confer
- Remove the Sensor from Bypass.
repcli bypass 0
Sensor is fully enabled
Additional Notes
- Sensor Bypass can be toggled with RepCLI or through the Console while the services are running.
- Sensor services cannot be started with the RepCLI utility, but can be started via services.msc or elevated Command Prompt (e.g. net start, sc start, etc.).
Related Content
