Carbon Black Cloud: How To Find Blocks In Windows Event Viewer (3.0 and below)
Article ID: 290273
Updated On: 10-06-2020
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Provide items to look for in Windows Event Viewer to identify blocks from CB Defense
Environment
- CB Defense PSC Console: All Versions
- CB Defense Sensor: 3.0 and below
- Microsoft Windows: All Supported Versions
Resolution
Search for any of the following terms in Event Viewer
was prevented from loading the file was prevented from accessing the file due to a Deny operation or Terminate process policy action was terminated due to a Deny operation or Terminate process policy action The operation was blocked by Confer The operation was blocked and the application terminated by Confer The connection was reset by Confer
Additional Information
- This information can also be useful if users report programs being blocked but no Events or Alerts are shown within the CB Defense PSC Console, or in troubleshooting interoperability issues with the CB Defense Sensor
- The event source may be CbDefense and the Event ID: 17 for blocks
- Some other event ID's referenced by CbDefense events are 1, 17, 33, 49
Feedback
Was this article helpful?
Yes
No
Powered by
