Run The FAPREDEP Script
search cancel

Run The FAPREDEP Script


Article ID: 286517


Updated On:


Carbon Black App Control (formerly Cb Protection)


To run the FAPREDEP script


  • App Control Agent: All Supported Versions
  • Linux: All Supported Versions


  1. Download and extract the attached
  2. Stop the Linux Agent process, and unload the module via Terminal:
    1. Open Terminal and issue the commands:
      cd /opt/bit9/bin
      ./b9cli --password 'GlobalCLIPassword'
      ./b9cli --tamperprotect 0
      ./b9cli --shutdown
    2. Confirm the b9daemon process has stopped (it may take a few moments for the services to fully shutdown):
      ps -ef | grep -i bit
    3. Confirm the version associated with the b9k_ module:
      lsmod | grep b9k
    4. Unload the b9k module, then confirm it is no longer listed in the modules:
      rmmod b9k_VERSION
      lsmod | grep b9k
  3. Run FAPREDEP on Linux device:
    sudo ./
  4. Allow the script to run for the designated 10 minutes.
  5. Start the Agent:
    ./b9cli --startup

Additional Information

  • If collecting FAPREDEP logs on multiple devices, please change the filename to
  • If inotifywatch returns Error 127, the file may need to be copied into the relevant SCRIPTDIR for fapredep.
  • If inotifywatch returns Error 126, you will have to add executable permissions to the files inotifywait and inotifywatch inside the fadredep folder.

Attachments get_app