How to check current dynamic Sensor Management Content Manifests (Windows)

Article ID: 291993

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

This article provides steps to check the current revision of the dynamic detection and prevention features (management content manifests) on a given Sensor, and the date and time they were last updated.

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Resolution

  • via cmd.exe
    1. Run cmd.exe
    2. Check Sensor status, matching on Manifest
      "C:\Program Files\Confer\RepCLI.exe" status | findstr Manifest
    3. Output will show version/revision in use
  • via PowerShell
    1. Run powershell.exe
    2. Check Sensor status, matching on Manifest
      & 'C:\Program Files\Confer\RepCLI.exe' status | Select-String Manifest
    3. Output will show version/revision in use

Additional Information

  • Example Output - No Errors/Alarms

    EEDR Reporting Revision[108]: Enabled (Manifest)
         Unified Binary Store (UBS) Metadata Reporting Revision[27]: Enabled (Manifest)
         Unified Binary Store (UBS) Upload Revision[31]: Enabled (Manifest)
         Ransomware Detection Revision[6]: Enabled (Manifest)
         Ransomware Prevention Revision[10]: Enabled (Manifest)
         Device Control Reporting Policy Revision[11]: Enabled (Manifest)
         Privilege Escalation Report Revision[4]: Enabled (Manifest)
         Privilege Escalation Prevention Revision[3]: Enabled (Manifest)
         Carbon Black Threat Intelligence Detection Revision[6]: Enabled (Manifest)
         AMSI Threat Intelligence Detection Revision[45]: Enabled (Manifest)
         Credential Theft Detection Revision[16]: Enabled (Manifest)
         Credential Theft Prevention Revision[10]: Enabled (Manifest)
         Carbon Black Threat Intelligence Prevention Revision[6]: Enabled (Manifest)
         AMSI Threat Intelligence Prevention Revision[21]: Enabled (Manifest)
         Disguised Names Detection Revision[15]: Enabled (Manifest)
         IoA rules Revision[3]: Enabled (Manifest)
       Last Manifest Content Update Time[MM/DD/YYYY hh:mm:ss]
  • If filtering the 'repcli status' output for Manifest returns 'ManifestDownloadFailure', the Sensor is or was having issues downloading data from the content management service (content.carbonblack.io):
    ManifestDownloadFailure: <Number> times, MM/DD/YYYY hh:mm:ss
    • If the <Number> in the output does not increase on subsequent checks, the Sensor is not having ongoing problems with downloading content manifests
    • If the <Number> in the output does increase on subsequent checks, the Sensor is having ongoing problems with downloading content manifests and actions should be taken to allow communications to content.carbonblack.io
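
The checks above can be scripted so that the revisions are parsed into objects and the ManifestDownloadFailure count is compared between runs. This is an added example, not part of the original article or vendor tooling; the line patterns are taken from the example output above, while the state file path and the sample timestamps are assumptions made for illustration.

```powershell
# Added example, not vendor code. Line formats follow the example output in this article.
$RepCli    = 'C:\Program Files\Confer\RepCLI.exe'
$StateFile = Join-Path $env:TEMP 'cbc-manifest-failures.txt'   # hypothetical state file

function ConvertFrom-ManifestStatus {
    param([string[]]$Lines)
    $r = [ordered]@{ Features = @(); LastUpdate = $null; FailureCount = 0; LastFailure = $null }
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            '^\s*(?<name>.+?) Revision\[(?<rev>\d+)\]:\s*(?<state>\w+) \(Manifest\)' {
                $r.Features += [pscustomobject]@{
                    Feature = $Matches.name; Revision = [int]$Matches.rev; State = $Matches.state }
                break
            }
            'Last Manifest Content Update Time\[(?<ts>[^\]]+)\]' { $r.LastUpdate = $Matches.ts; break }
            'ManifestDownloadFailure:\s*(?<n>\d+) times,\s*(?<ts>.+)$' {
                $r.FailureCount = [int]$Matches.n; $r.LastFailure = $Matches.ts.Trim(); break
            }
        }
    }
    [pscustomobject]$r
}

# Live sensor output when RepCLI is present; otherwise constructed sample lines (timestamps invented).
if (Test-Path $RepCli) {
    $lines = & $RepCli status | Select-String Manifest | ForEach-Object { $_.Line }
} else {
    $lines = @(
        'EEDR Reporting Revision[108]: Enabled (Manifest)'
        '     Ransomware Prevention Revision[10]: Enabled (Manifest)'
        '   Last Manifest Content Update Time[01/15/2025 09:30:00]'
        'ManifestDownloadFailure: 3 times, 01/14/2025 22:10:05'
    )
}

$status   = ConvertFrom-ManifestStatus -Lines $lines
$previous = if (Test-Path $StateFile) { [int](Get-Content $StateFile -TotalCount 1) } else { $null }
Set-Content -Path $StateFile -Value $status.FailureCount   # remember the count for the next check

$status.Features | Format-Table -AutoSize
"Last manifest content update: $($status.LastUpdate)"
if ($null -eq $previous) {
    "ManifestDownloadFailure count: $($status.FailureCount). Run again later to compare."
} elseif ($status.FailureCount -gt $previous) {
    "Count rose from $previous to $($status.FailureCount): ongoing download problems."
} else {
    "Count did not increase (was $previous, now $($status.FailureCount)): no ongoing download problems."
}
```

A rising count on repeated runs corresponds to the ongoing-failure case described above, where communications to content.carbonblack.io need to be allowed.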