Start and Stop The Agent Via Local Command Line / Terminal
search cancel

Start and Stop The Agent Via Local Command Line / Terminal

book

Article ID: 285034

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to start or stop the services for an App Control Agent

Environment

  • App Control Agent : All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

Windows

To stop the agent services:

  1. Open an admin CMD prompt
  2. Issue the commands:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password <LocalOrGlobalCliPassword>
dascli tamperprotect 0
net stop parity
fltmc unload paritydriver

To start the agent services:

  1. Using an administrative command prompt on the endpoint, execute the following commands:
    fltmc load paritydriver
    net start parity
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli status
    
  2. Verify the Agent shows as Connected with Tamper Protection Enabled.

macOS

To stop the agent services:

  1. Use Terminal to issue the following commands:
    cd /Applications/Bit9/Tools 
    ./b9cli --password 'GlobalCLIPassword'
    ./b9cli --shutdown
    sudo launchctl unload /Library/LaunchDaemons/com.bit9.Daemon.plist

To start the agent services:

  1. Use Terminal to issue the following commands:
    sudo launchctl load /Library/LaunchDaemons/com.bit9.Daemon.plist
    ./b9cli --status
  2. Verify the Agent shows as Connected with Tamper Protection Enabled.

Linux

To stop the agent services:

  1. Open Terminal to
  2. Issue the commands:
    cd /opt/bit9/bin
    ./b9cli --password 'GlobalCLIPassword'
    ./b9cli --tamperprotect 0
    ./b9cli --shutdown
  3. Confirm the b9daemon process has stopped (it may take a few moments for the services to fully shutdown):
    ps -ef | grep -i bit
  4. Confirm the version associated with the b9k_ module:
    lsmod | grep b9k
  5. Unload the b9k module, then confirm it is no longer listed in the modules:
    rmmod b9k_VERSION
    lsmod | grep b9k

To start the agent services:

  1. Issue the following commands in Terminal:
    ./b9cli --startup
    ./b9cli --status
  2. Verify the Agent shows as Connected with Tamper Protection Enabled.

Additional Information

Stopping the agent service will:

  • Prevent the Agent from communicating with the App Control Server.
  • Prevent the Agent from tracking any file operations.
  • Prevent the Agent from taking any actions.
  • Allow the Agent to be uninstalled.