Using the Repcli Command-Line Utility in Carbon Black Cloud
Article ID: 291756
Updated On:
Products
Issue/Introduction
Repcli is a local command-line utility that allows authenticated administrators to manage and troubleshoot the Carbon Black Cloud Sensor directly from the endpoint. Repcli is primarily an internal diagnostic tool; it should only be utilized under the direct guidance of Carbon Black Support personnel and is not intended for routine customer-facing administration.
Environment
- Linux: All Supported Versions
- macOS: All supported versions
- Windows: All Supported Versions
- Carbon Black Cloud Linux Agent: 2.13.x and higher
- Carbon Black Cloud Mac Agent 3.5.x.x and higher
- Carbon Black Cloud Windows Agent: 3.3.x.x and higher
Resolution
Table of Contents
Repcli Location
| Operating System | Location |
| Linux | /opt/carbonblack/psc/bin/ |
| macOS | /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli |
| Windows | Version 4.2+: C:\Program Files\Broadcom\Endpoint Security Agent\CurrentVersion\bin64
Version 4.1 and below: c:\Program Files\Confer |
Repcli Commands
| Command | Authentication required? | Description | Example | OS Compatability |
bypass [0 | 1] | Yes | Put the sensor in/out of bypass mode. | Repcli bypass 1 | Linux macOS Windows |
capture [path] | No | Capture logs into a specified path. Note that with Windows 4.2+, SymDiag v3 is used to capture logs instead. | Repcli capture c:\temp | Linux macOS Windows |
cloud hello | Yes | Force the agent to check in with the Carbon Black Cloud console . | repcli cloud hello | Linux macOS Windows |
debug [0 | 1] | Yes | Increase confer.log verbosity and set Microsoft Event Trace Log File to the Info Level | repcli debug 1 | Windows |
localscanner updatesignature -wait | No | Force the agent to request the latest signature packs the configured update servers. If the "Allow signature updates" Policy setting is Disabled, signature updates via RepCLI will fail. | repcli localscanner updatesignature -wait | Windows |
manifest request | Yes | Force the agent to request the latest manifest from content.carbonblack.io | repcli manifest request | Windows |
ondemand scan | Yes | To run an on-demand scan. For more details see On-demand Scan for Windows using RepCLI | repcli ondemandscan /Dir=C:\temp /WaitOnResults | Windows |
status | No | Verify the status of the agent | repcli status | Linux macOS Windows |
systeminfo | Yes | Displays system information in XML or JSON format. Use systeminfo help to view optional masks. | repcli systeminfo help | Windows |
unlock [password] | No | To be used prior to running commands that requier authentication.Both the global deregistration code and per-agent uninstall code can be used. | Privileged commands will remain unlocked until the agent is restarted or the command RepCLI Unlock Reset | Windows |
Managing Automatic Repcli Authentication
If you prefer to bypass the manual repcli unlock process, you can configure automatic authentication for a specific user or group by specifying their Security Identifier (SID).
Method 1: Configuration During Installation
Add CLI_USERS=<DesiredSID> to the msi command line string.
Example:
msiexec /q /i C:\temp\installer_vista_win7_win8-64-4.2.0.3361 /L* log.txt COMPANY_CODE=XYZ CLI_USERS=S-1-2-34-567Note: Only one SID can be specified.
Method 2: Configuration Post Installation
- Enable bypass mode on the sensor from the Carbon Black Cloud Console
- Open the cfg.ini file with Notepad (Notepad++.exe with Admin privilege is recommended)
- Add the following line (replace <DesiredSID> with actual AD Group or User SID)
- Warning: Authenticated users will be able to run any repcli command on the device, please ensure SID only applies to a specific user or group trusted to execute repcli commands
- Note: Only one SID can be specified
AuthenticatedCLIUsers=<DesiredSID>
- Save changes to cfg.ini with "Save As" option; maintain the same file name and select a destination outside of the cfg.ini directory
- Move the old cfg.ini file out of it's file path and keep as a backup
- Move the new cfg.ini file with the SID entry back into the specified file path
- Run the commands
repcli updateconfig
repcli bypass 0 - If the "repcli bypass" command is successful, then this confirms that SID Authentication is now enabled
Feedback
