Gather logs for Windows Sensor version 6.1.13 and lower



Article ID: 288104


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to collect logs and other diagnostics for the EDR Windows Sensor 6.1.13 and lower.

Environment

  • EDR Windows Sensor: 6.1.13 and lower
  • Windows OS: All supported versions

Resolution

  1. Download the attached zip file and extract the CbDiag.exe file.
  2. Open Windows Command Prompt (cmd.exe).
  3. Run CbDiag.exe with admin permissions.
  4. Press Enter or 0 to select the "Take a new diag" option.



Additional Information

  • More utility options: CbDiag.exe /?
  • The resulting file is generated in the same directory as the CbDiag.exe utility.
  • Resulting file name format: <date-time>.diag.gz
  • Administrator permissions are required to access system file paths and registry keys.
  • Disable Tamper Protect Updater if App Control is installed.
  • If applicable, locally approve the utility hash within your App Control Web UI. MD5 of CbDiag.exe: 469c78f4a4664b11be1a7641afec2214
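
The following pre-flight check is an added example, not part of the original article or the vendor's tooling: it confirms the session is elevated, compares the extracted binary against the MD5 published above, then runs the utility and lists the archive it wrote. It assumes CbDiag.exe was extracted into the current directory, that an elevated PowerShell console is used in place of cmd.exe, and that the utility exits once the diag is written.

```powershell
# Added example: verify CbDiag.exe before running it, then locate the output.
# Assumption: CbDiag.exe was extracted into the current directory.
$tool        = Join-Path (Get-Location) 'CbDiag.exe'
$expectedMd5 = '469c78f4a4664b11be1a7641afec2214'   # MD5 published in this article

# 1. The utility needs an elevated session to read system paths and registry keys.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: reopen the shell with "Run as administrator".'
}

# 2. Confirm the extracted binary matches the published hash before executing it.
if (-not (Test-Path -LiteralPath $tool -PathType Leaf)) {
    throw "CbDiag.exe not found at $tool"
}
$actualMd5 = (Get-FileHash -LiteralPath $tool -Algorithm MD5).Hash
if ($actualMd5 -ne $expectedMd5) {   # -ne compares strings case-insensitively
    throw "MD5 mismatch: expected $expectedMd5, got $actualMd5. Do not run this file."
}
Write-Host "MD5 verified: $actualMd5"

# 3. Run the utility interactively (press Enter or 0 at its menu), then list
#    the newest <date-time>.diag.gz written next to it during this run.
$started = Get-Date
& $tool
Get-ChildItem -LiteralPath (Split-Path $tool) -Filter '*.diag.gz' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 FullName, Length, LastWriteTime
```

If the last command returns nothing, no new archive was written during this run.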

Data collected:

  • Basic System Information
  • Carbon Black product logs
  • System event logs
  • System Crash dumps
  • Product registry keys 
  • System registry keys related to crash dumps
  • Product binary information
  • Running system drivers and processes
  • Installed system services, hardware, software

Attachments

CbDiag.exe.zip