Audit and Remediation: Why Are There Unexpected Number of Endpoints in Live query Results?
search cancel

Audit and Remediation: Why Are There Unexpected Number of Endpoints in Live query Results?

book

Article ID: 287834

calendar_today

Updated On:

Products

Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops) Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

When running a live query on endpoints, the results seems to not be querying all of the endpoints in the environment. 

Environment

  • Carbon Black Cloud Console: All Versions
  • Microsoft Windows: All Supported Versions
  • Audit and Remediation:July 2020 Backend Update
  • Linux: All Supported Versions
  • Apple MacOS 10.10+
  • Carbon Black Cloud Windows Sensor: 3.3 and Higher
  • Carbon Black Cloud MacOS Sensor: 3.3 and Higher
  • Carbon Black Cloud Linux Sensor: 2.3 and Higher 

Resolution

As of July 2 there were changes made on the backend to allow more results. VMware Carbon Black recently made a change to calculate the estimate of potential pool of devices on which the query can run whether you’ve selected a policy or All endpoints. Previously the estimate was number of devices that has checked in last in the last 2 hours. With the recent change that last check in time window was increased to 7 days.
Powered by Wolken Software