EDR: Sensordiag Disappears After Running sensordiag.exe
book
Article ID: 284930
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- File can be seen in the C:\Windows\CarbonBlack\Diags directory during sensordiag.exe execution but disappears shortly afterward.
Environment
- EDR Sensor: 7 - 7.20 Versions
Cause
- The EDR Server is attempting to upload the file to the EDR Server and then remove it from the C:\Windows\CarbonBlack\Diags directory.
Resolution
- Workaround: Change the output location of the sensordiag file.
- Run the following command, replacing <dir> with the preferred location.
C:\Windows\CarbonBlack\sensordiag.exe -type CDE -output C:\<dir>
- The sensordiag will be located in the C:\<dir>\Diags directory
- Item was fixed in the 7.2.1 Sensor Release.
Feedback
thumb_up
Yes
thumb_down
No