Stopping and Restarting the Agent via Command Line or Terminal
search cancel

Stopping and Restarting the Agent via Command Line or Terminal

book

Article ID: 285034

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to stop, start, restart or disable services for an Agent

Environment

  • App Control Agent : All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

Windows

Stop the Agent services:

  1. Use an administrative command prompt to authenticate with the Agent and stop Tamper Protection: 
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password <LocalOrGlobalCliPassword>
    dascli tamperprotect 0
  2. Issue the administrative Windows commands to stop the Agent service and unload the driver: 
    net stop parity
    fltmc unload paritydriver

Start the Agent services:

  1. Using an administrative command prompt to load the driver and start the Agent service (in that order): 
    fltmc load paritydriver
net start parity
  2. Verify the Agent shows as Connected with Tamper Protection Enabled: 
    "C:\Program Files (x86)\Bit9\Parity Agent\dascli.exe" status

macOS

Stop the agent services:

  1. Use Terminal to issue the following commands: 
    cd /Applications/Bit9/Tools 
./b9cli --password 'GlobalCLIPassword'
    ./b9cli --tamperprotect 0
    ./b9cli --shutdown
sudo launchctl unload /Library/LaunchDaemons/com.bit9.Daemon.plist

Start the Agent services:

  1. Use Terminal to issue the following commands: 
    sudo launchctl load /Library/LaunchDaemons/com.bit9.Daemon.plist
./b9cli --status
  2. Verify the Agent shows as Connected with Tamper Protection Enabled.

Linux

Stop the Agent services:

  1. Open Terminal to
  2. Issue the commands: 
    cd /opt/bit9/bin
./b9cli --password 'GlobalCLIPassword'
./b9cli --tamperprotect 0
./b9cli --shutdown
  3. Confirm the b9daemon process has stopped (it may take a few moments for the services to fully shutdown): 
    ps -ef | grep -i bit
  4. Confirm the version associated with the b9k_ module: 
    lsmod | grep b9k
  5. Unload the b9k module if listed above: 
    rmmod b9k_VERSION
lsmod | grep b9k

Start the Agent services:

  1. Issue the following commands in Terminal: 
    ./b9cli --startup
./b9cli --status
  2. Verify the Agent shows as Connected with Tamper Protection Enabled.

Additional Information

Stopping the agent service will:

  • Prevent the Agent from communicating with the App Control Server.
  • Prevent the Agent from tracking any file operations.
  • Prevent the Agent from taking any actions.
  • Allow the Agent to be uninstalled.
Powered by Wolken Software