Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Endpoint Standard: How to Stop Sensor Services With RepCLI

Endpoint Standard: How to Stop Sensor Services With RepCLI

Environment

  • Endpoint Standard (formerly CB Defense) Sensor: 3.4.x.x and higher
  • Microsoft Windows: All supported versions

Objective

Use the RepCLI utility to stop sensor services

Resolution

  1. Log into the machine with a user account that matches the AD User or Group SID configured for RepCLI authentication 
  2. Launch a Command Prompt
  3. Change directory to C:\Program Files\Confer 
    cd C:\Program Files\Confer
  4. Bypass must be enabled on the Sensor before services can be stopped
    C:\Program Files\Confer> repcli bypass 1
    Sensor is in bypass mode
  5. Stop CB services
    C:\Program Files\Confer> repcli stopcbservices
    Successfully sent command to stop the service via RepUtilStopService
    

Additional Notes

  • Restart Sensor services via command line
    C:\> net start cbdefense
  • Sensor bypass can be enabled with RepCLI, through the Sensor UI, or through the Console prior to stopping services
  • Sensor services cannot be started with the RepCLI utility
  • Sensor services can be started with services.msc or windows CLI commands (net start, sc start, etc.)
  • 3.4.x.x and higher Sensors is installed as an Early Launch Anti-Malware (ELAM) protected service on Windows 10 1903 (19H1) or higher , and this method must be used to stop the cbdefense service
  • If installed on a version of Windows prior to ELAM protection, the older method of stopping the services can be used (CB Defense: How to Stop the CB Defense Services)

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
5669
Contributors