Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Endpoint Standard: How to Run an On Demand Scan With RepCLI

Endpoint Standard: How to Run an On Demand Scan With RepCLI

Environment

  • Carbon Black Cloud Windows Sensor: 3.3.x.x and Higher
    • Endpoint Standard
  • Microsoft Windows: All Supported Versions

Objective

Run an expedited on-demand scan on entire drives or specific directories with the RepCLI utility

Resolution

  1. Log into the machine with a user account that matches the AD User or Group SID configured at the time of sensor install
  2. Launch a Command Prompt
  3. Change directory to C:\Program Files\Confer
  4. Run the following command
    repcli ondemandscan [directory path]
  5. Progress can be tracked with the "repcli status" command, which includes scan information under the General Info section
    C:\Program Files\Confer> repcli status
    
    General Info:
            Sensor Version[3.3.0.984]
            Local Scanner Version[4.9.0.264 - ave.8.3.52.154:avpack.8.4.3.26:vdf.8.15.17.116]
            Sensor State[Enabled]
            Details[]
            Kernel File Filter[Connected]
            Background Scan[Expedited Scan]
            Total Files Processed[2025]  Current Directory[C:\Program Files\Common Files\VMware\InstallerCache]

Additional Notes

  • The OnDemandScan will run as an expedited scan, which means the scan will run faster than a normal background scan and may impact performance.
  • The OnDemandScan will not directly remove known malware.  The results will be the same as the background scan that ran after Sensor install. 
  • The OnDemandScan will run on the specified directory and and generate file hashes and reputation lookups. This data will be stored in a local database for future file lookups.
  • Any on-demand scans launched by RepCLI will be logged in the Windows Application Logs under Event ID 17.
  • if do not specify a path argument, the sensor will scan all "fixed" drives by default.
  • The sensor will not scan any external or USB drives.
  • The OnDemandScan will only run on the contents of a specified directory or Drive, it can not run on individual files.

Related Content


Was this article helpful? Yes No
67% helpful (2/3)
Article Information
Author:
Creation Date:
‎11-27-2018
Views:
24239
Contributors