Policy rule updates pushed to all Production ORGs in the Carbon Black Cloud can be updated or rolled back to different versions by manually applying the .json formatted files to the sensor with a REPCLI command to troubleshoot issues.

• Carbon Black Cloud Console: Current Version
• Carbon Black Cloud Windows Sensor: All Supported Versions
• Microsoft Windows OS: Supported Versions

Policy rule updates can potentially cause performance issues if not written correctly, and they cannot be edited by any built-in mechanism other than changing to another version.

To troubleshoot policy rule performance related issues:

1. Download the Broadcom Support provided .json files, and extract to c:\test on the test endpoint that can reproduce the problem.
2. Open an Admin level command prompt in Windows
3. Run the following cmds:

   cd c:\program files\confer
   repcli unlock <uninstall-code>
   repcli bypass 1
   repcli addpolicy psc c:\test\<policyname>.json-<versionnumber>
   repcli cloud disableupdates 1
   repcli bypass 0

    

4. Try to reproduce the behavior to validate the rule change fixes the situation.

• Do not reboot the system, because these policy changes will be undone when the sensor is restarted.