CB Defense: How to Copy Scanner Files for Review
search cancel

CB Defense: How to Copy Scanner Files for Review

book

Article ID: 290064

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Explain the steps to collect the scanner folder for review (C:\Program Files\Confer\scanner)

Environment

  • CB Defense Sensor: 2.0.x.x and Higher
  • Microsoft Windows: All Supported Versions

Resolution

  1. Place the sensor into Bypass
  2. Run `net stop cbdefense` from an elevated command prompt
  3. Zip the contents of the "C:\Program Files\Confer\scanner" folder
  4. Delete the scanhost.log file
  5. Run `net start cbdefense` from an elevated command prompt
  6. Bring the sensor out of Bypass

Additional Information

  • In most circumstances the entire contents of the Confer folder will be retrieved when pulling Sensor logs
  • The above steps should only be required when the resulting logs do not include the scanner folder
Powered by Wolken Software