EDR: Same Endpoint Showing Twice in Console, One With Online and One With Offline Status
search cancel

EDR: Same Endpoint Showing Twice in Console, One With Online and One With Offline Status

book

Article ID: 286250

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

  • Same endpoint(s) showing multiple entries in the EDR console, one with status of Online, one (or more) with status of Offline.
  • IP and MAC address of endpoint(s) are same in both Online and Offline entries.

Environment

  • CB EDR Server: 5.x and higher
  • CB EDR Sensor: All Versions

Cause

Sensor has been uninstalled and reinstalled on endpoint, causing new Sensor ID to be created for same endpoint.

Resolution

Offline sensors can be filtered out in the Sensor Display options on the console: https://docs.vmware.com/en/VMware-Carbon-Black-EDR/7.8.0/vmw-cb-edr-ug/GUID-F1CAAD2B-2187-47F9-96FB-303D336EE593.html

Additional Information

  • Removing duplicate sensors via the console cannot be completed at this time.
  • Sensors that are upgraded get re-installed and can see the same results
Powered by Wolken Software