Collect Carbon Black Cloud Sensor Interoperability Logs


Article ID: 291477


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Collect the information needed to troubleshoot Carbon Black Cloud sensor interoperability (interop) issues.

Environment

  • Carbon Black Cloud Sensor: All supported versions

Resolution

Note: Troubleshooting cannot take place with the sensor uninstalled. Support will need access to a device with the sensor installed and experiencing the issue.

Open a case with Carbon Black Support and provide the following:

  1. Relevant Information:
    • Date/Time interoperability issue occurred (did any change precede the start of it?)
    • Does the vendor of the application have a recommended exclusion list and has it been implemented?
    • Name of the application experiencing the interoperability issue
    • Any paths/processes known to be associated with the application
    • Are there any blocks seen locally or within the Carbon Black console during the interop issue?
    • Action being performed when interop issue occurs (Expected outcome vs actual outcome)
    • Are results the same if the sensor is in bypass mode or uninstalled?
  2. Sensor Logs:
    1. For Windows OS: Collect a standard procmon capture
    2. Collect sensor logs either locally or via Live Response:
    3. Zip all files and upload them to the case
    4. Once the upload completes, please comment on the support case that the data is available for review (along with all relevant information).