Stopping an ondemand scan
Article ID: 290410
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Procedure to stop a manually triggered onDemandScan malware scan.
- This can be used in situations where an extremely large amount of files are being scanned and the system is experiencing some resource issues.
Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Resolution
To stop a previously started onDemandScan that was launched from the command line, restart the sensor service to stop the scan.
A user that has AuthenticatedRepCLI status will be needed to do this.
- Navigate to c:\program files\confer
- Run "repcli bypass 1"
- Run "repcli stopCbServices"
- Run "sc start cbdefense"
- Run "repli status" and confirm that the onDemandScan is no longer running
Additional Information
- There are two types of manual scans that can be initiated from the RepCLI command line tool.
- onDemandScan <path> - This scans directories (or all fixed storage if no path is given. This can be stopped using the above procedure.
- localScanner <fullFilePath> - This scans a single file only. This cannot be stopped using the above procedure.
- There is also a background scan, which occurs automatically at sensor install. This cannot be stopped using the above procedure. This scan will continue until complete, but it can be paused via the console in the Inventory Page, by selecting the sensor and using the Take Action - Pause Background Scan option.
- onDemandScans always run in an "expedited" state (versus Standard). Expedited scans run 5x faster than a Standard scan, and as such will have a larger impact on system performance.
Feedback
Yes
No
Powered by
