EDR: Sensordiag Disappears After Running sensordiag.exe
search cancel

EDR: Sensordiag Disappears After Running sensordiag.exe

book

Article ID: 284930

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • File can be seen in the C:\Windows\CarbonBlack\Diags directory during sensordiag.exe execution but disappears shortly afterward.

Environment

  • EDR Sensor: 7 - 7.20 Versions

Cause

  • The EDR Server is attempting to upload the file to the EDR Server and then remove it from the C:\Windows\CarbonBlack\Diags directory. 

Resolution

  • Workaround: Change the output location of the sensordiag file.
    • Run the following command, replacing <dir> with the preferred location.
C:\Windows\CarbonBlack\sensordiag.exe -type CDE -output C:\<dir>
  • The sensordiag will be located in the C:\<dir>\Diags directory 
  • Item was fixed in the 7.2.1 Sensor Release.