CB Defense: How to Copy Scanner Files for Review
book
Article ID: 290064
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Explain the steps to collect the scanner folder for review (C:\Program Files\Confer\scanner)
Environment
- CB Defense Sensor: 2.0.x.x and Higher
- Microsoft Windows: All Supported Versions
Resolution
- Place the sensor into Bypass
- Run `net stop cbdefense` from an elevated command prompt
- Zip the contents of the "C:\Program Files\Confer\scanner" folder
- Delete the scanhost.log file
- Run `net start cbdefense` from an elevated command prompt
- Bring the sensor out of Bypass
Additional Information
- In most circumstances the entire contents of the Confer folder will be retrieved when pulling Sensor logs
- The above steps should only be required when the resulting logs do not include the scanner folder
Feedback
thumb_up
Yes
thumb_down
No