Carbon Black Cloud: How to Review Blocking Events in Windows Event Viewer (3.0 and above)
search cancel

Carbon Black Cloud: How to Review Blocking Events in Windows Event Viewer (3.0 and above)

book

Article ID: 291571

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Introuduce how to check CBC blocking events in Windows Event Viewer

Environment

  • Carbon Black Cloud Windows Sensor: 3.0 and above
  • Windows OS: All Supported Versions

Resolution

  1. Open Event Viewer
  2. Go to Windows Logs -> Application
  3. Search for "CbDefense" or "Carbon Black", and you will see blocking events from CBC.
OR
  1. Open Event Viewer
  2. Go to Windows Logs -> Application
  3. Under "Actions" menu select "Filter Current Log..."
  4. In the Event Sources drop down select "CbDefense" to view only Cb Defense Events

Additional Information

Search "CbDefense" in Event View can also give you CBC related events like service start, service stop, background scan, etc.
Powered by Wolken Software