Carbon Black Cloud Console: What are the different hash deletion failure codes written to the Audit Log?
Article ID: 288442
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- What are the different hash deletion failure codes written to the Audit Log?
- Example : Failure deleting hash 'xxxx' off of device 'xxxx' at path '\x\xx\xxx.exe'. Reason: SCHEDULED_FOR_DELETION
Environment
- Carbon Black Cloud Console
Resolution
Following are the possible failure codes that can be logged in the audit log incase of failure:
UNKNOWN - Reason for delete is unknown
SUCCESS - Delete request succeeded
BLOCKED_BY_OS - Delete request blocked by OS or other security product
FILE_TRUSTED - Sensor has blocked delete due to hash being a trusted system/critical file
FILE_TYPE_UNSUPPORTED - Deleting of this file type is unsupported by the sensor (i.e. doc files on autodelete)
FILE_NOT_FOUND - Unable to find file on sensor
HASH_UNKNOWN - Hash could not be found on device
HASH_CHANGED - Hash of file no longer matches hash in delete request
SCHEDULED_FOR_DELETION - File has been scheduled for deletion by sensor on next reboot
SUCCESS - Delete request succeeded
BLOCKED_BY_OS - Delete request blocked by OS or other security product
FILE_TRUSTED - Sensor has blocked delete due to hash being a trusted system/critical file
FILE_TYPE_UNSUPPORTED - Deleting of this file type is unsupported by the sensor (i.e. doc files on autodelete)
FILE_NOT_FOUND - Unable to find file on sensor
HASH_UNKNOWN - Hash could not be found on device
HASH_CHANGED - Hash of file no longer matches hash in delete request
SCHEDULED_FOR_DELETION - File has been scheduled for deletion by sensor on next reboot
Feedback
Yes
No
Powered by
