Verify bypass status changes from the console
search cancel

Verify bypass status changes from the console

book

Article ID: 292416

calendar_today

Updated On:

Products

Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops) Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to find out why an endpoint in the inventory went into bypass from the console

Environment

  • Carbon Black Cloud Sensor

Resolution

Navigate to:

  1. Settings -> Audit Log
  2. Search by both hostname as well as the machine's device ID, IE (HOSTNAME OR 12345678)
      • The search will return bypass actions by the user:
        • "Sensor Bypass Enabled (User Action)"
      • Bypass actions by the administrator:
        • "Set Bypass to On for device(s): 12345678"
        • "Sensor Bypass Enabled (Admin Action)"
        • "Set Bypass to Off for device(s): 12345678"
Powered by Wolken Software