Carbon Black Cloud Console: What are the different hash deletion failure codes written to the Audit Log?
search cancel

Carbon Black Cloud Console: What are the different hash deletion failure codes written to the Audit Log?

book

Article ID: 288442

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • What are the different hash deletion failure codes written to the Audit Log?
  • Example :¬†Failure deleting hash 'xxxx' off of device 'xxxx' at path '\x\xx\xxx.exe'. Reason: SCHEDULED_FOR_DELETION

Environment

  • Carbon Black Cloud Console

Resolution

Following are the possible failure codes that can be logged in the audit log incase of failure:
 
UNKNOWN - Reason for delete is unknown
SUCCESS - Delete request succeeded
BLOCKED_BY_OS - Delete request blocked by OS or other security product
FILE_TRUSTED - Sensor has blocked delete due to hash being a trusted system/critical file
FILE_TYPE_UNSUPPORTED - Deleting of this file type is unsupported by the sensor (i.e. doc files on autodelete)
FILE_NOT_FOUND - Unable to find file on sensor
HASH_UNKNOWN - Hash could not be found on device
HASH_CHANGED - Hash of file no longer matches hash in delete request
SCHEDULED_FOR_DELETION - File has been scheduled for deletion by sensor on next reboot