Gather logs for Windows Sensor version 6.1.13 and lower


Article ID: 288104




Carbon Black EDR (formerly Cb Response)


How to collect logs and other diagnostics for the EDR Windows Sensor 6.1.13 and lower.


  • EDR Windows Sensor: 6.1.13 and lower
  • Windows OS: All supported versions


  1. Download the attached zip file and extract the cbDiag.exe file.
  2. Open Windows Command Prompt (cmd.exe).
  3. Run cbdiag.exe with admin permissions.
  4. Press Enter or 0 to select the "Take a new diag" option.


Additional Information

  • More utility options: CbDiag.exe /?
  • The resulting file is generated in the same directory as the cbdiag.exe utility.
  • Resulting file name format: <date-time>.diag.gz
  • Administrator permissions are required to access system file paths and registry keys.
  • Disable Tamper Protect Updater if App Control is installed.
  • If applicable, locally approve the utility hash within your App Control Web UI.
    MD5 of CbDiag.exe: 469c78f4a4664b11be1a7641afec2214
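
The steps and notes above combined into one pre-flight script. This is an added example, not part of the original article or the vendor's tooling. `$DiagDir` is an assumed extraction folder, and the MD5 is the only digest this article publishes for the utility.

```powershell
# Added example: verify CbDiag.exe, confirm elevation, run it, then find the output.
param(
    [string]$DiagDir = 'C:\Temp\cbdiag'   # assumption: folder where the zip was extracted
)

$ExpectedMd5 = '469c78f4a4664b11be1a7641afec2214'   # value listed in this article
$exe = Join-Path $DiagDir 'CbDiag.exe'

if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "CbDiag.exe not found in $DiagDir"
}

# The utility reads system file paths and registry keys, so require an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start the prompt with "Run as administrator" and try again.'
}

# Compare the extracted binary with the published MD5 before executing it.
# This is also the hash to approve locally if App Control is installed.
$actual = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash.ToLowerInvariant()
if ($actual -ne $ExpectedMd5) {
    throw "MD5 mismatch: expected $ExpectedMd5, got $actual. Not running the file."
}

# Launch interactively; press Enter or 0 at the menu to take a new diag.
$started = Get-Date
& $exe

# The result is written next to the utility as <date-time>.diag.gz.
$diag = Get-ChildItem -LiteralPath $DiagDir -Filter '*.diag.gz' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

if (-not $diag) {
    throw "No new .diag.gz file was created in $DiagDir"
}

# Report the file to send to support.
[pscustomobject]@{
    Path   = $diag.FullName
    SizeMB = [math]::Round($diag.Length / 1MB, 2)
}
```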

Data collected:

  • Basic System Information
  • Carbon Black product logs
  • System event logs
  • System Crash dumps
  • Product registry keys 
  • System registry keys related to crash dumps
  • Product binary information
  • Running system drivers and processes
  • Installed system services, hardware, software

Attachments