How many Live Response sessions can be initiated per endpoint?

• Carbon Black Cloud Console: All Versions
• Endpoint Standard Sensor: All Supported Versions
• Enterprise EDR Sensor: All Supported Versions

There can only ever be a single LR session per sensor. If there are two open tabs in the UI that both say connected, they are sharing the same session on the back end.
 

Live Response sessions have a 15 minute timeout. There are scenarios where the sensor’s LR session can be disrupted and fail to re-establish. This puts LR into a bad state. Attempting to create a “new” session by opening another UI tab will appear to work (sessions are re-used if their data exists on the backend, even though the actual connection to the sensor has been severed), say “connected”, but any attempt to send a command will eventually result in a “remote error”.