How To Configure Local AV Scan for Carbon Black Cloud Products
Article ID: 292090
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Issue/Introduction
How to set up the Local Scan feature in Carbon Black Cloud products.
Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard
- Carbon Black Cloud Sensor: 2.0.x.x and Higher
- Microsoft Windows: All Supported Versions
Resolution
1. Log in to Carbon Black Cloud Console then navigate to Enforce-> Policy page.
2. Select the policy that corresponds to the group of machines to configure the Local Scan.
3. Click on the Local Scan tab
4. With the correct policy selected, click on the "Scanner Config" drop-down to select one of these options:
2. Select the policy that corresponds to the group of machines to configure the Local Scan.
3. Click on the Local Scan tab
4. With the correct policy selected, click on the "Scanner Config" drop-down to select one of these options:
- Disabled - Turns the local AV Scan off for machines in the selected policy. If your organization uses a different Antivirus engine, this may be the best option for your organization.
- Normal - Scans any new files when they execute for the first time. Old files that already existed on the machine before the sensor was installed will not be scanned. This is the default setting.
- Aggressive - Scans all files when they execute for the first time.
Additional Information
- Local Scan Settings are not supported by the Linux or macOS Sensor (any version) or Windows Sensor versions prior to 2.0.x.x
- Files will be assigned a reputation based on the scan outcome. If the scan identifies a malicious file, it will be flagged.
- Other configuration options within the "Local Scan Settings" tab are related to downloading the latest virus definitions. See our documentation on this topic.
Feedback
Yes
No
Powered by
