EDR: What do the different values for "Power State" mean in the Sensor Details page on the WebUI?
search cancel

EDR: What do the different values for "Power State" mean in the Sensor Details page on the WebUI?

book

Article ID: 289141

calendar_today

Updated On:

Products

Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

What do the different values for "Power State" mean in the Sensor Details page on the WebUI?

Environment

  • EDR Server: All Versions
  • EDR Windows Sensor: All Supported Version
  • Windows OS: All Supported Versions

Resolution

There are three possible values (2, 1, and 0) for the "Power State" in the Sensor Details page:
  • SERVICE_CONTROL_SHUTDOWN which is when the os is being shutdown we set that value to 2 = powerstate::shutdown_state
  • SERVICE_CONTROL_POWEREVENT:PBT_APMRESUMEAUTOMATIC (resuming) we set to 0 - powerstate::running_state
  • SERVICE_CONTROL_POWEREVENT:PBT_APMSUSPEND (suspending) we set to  1 - powerstate::suspended_state
Powered by Wolken Software