Check Background Scan Status of Carbon Black Cloud Sensor
search cancel

Check Background Scan Status of Carbon Black Cloud Sensor

book

Article ID: 286133

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

To determine current status of Background Scan on a Carbon Black Cloud sensor

Environment

  • Carbon Black Cloud Sensor: All Versions
    • Endpoint Standard
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

Windows

Method 1: Via Repcli

Method 2: Via Live Response

  • Run the commands: 
    cd C:\Program Files\Confer
execfg repcli status

     

Method 3: Via Live Query

Method 4: Via Event Viewer

 

macOS

Method 1: Via Repcli

  • Open terminal and run the command: 
    sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli status | grep Background

Method 2: Via Live Response

  • Run the commands: 
    cd /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/
execfg ./repcli "status" | grep Background

Method 3: Via the Apple Unified log

  • Open terminal and run the command: 
    log show --predicate 'process == "repmgr" and eventMessage contains "BACKGROUND_SCAN"'

Linux

Open a CLI and run the command:

/opt/carbonblack/psc/bin/repcli status

------Outputs omitted-------

Local Scan Info:

  Local Scan Complete: True

  Scan Mode: Expedite

  Local Scan Running: False

 

To check the start time and end time and few other details about the background scan run command:

grep LocalScanMgr /var/opt/carbonblack/psc/log/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt

[2024-09-11 06:58:47.034358] [2454:2473] [I] LocalScanMgr : StartLocalScan : Starting local scan...

[2024-09-11 06:58:47.034648] [2454:2473] [I] LocalScanMgr : StartLocalScan : Local Scan starting in Non-expedited mode

[2024-09-11 06:58:47.034658] [2454:2473] [I] LocalScanMgr : StartLocalScan : MaxScanTimeInHours set to = 48

[2024-09-11 06:58:47.035028] [2454:2473] [I] LocalScanMgr : StartLocalScan : Successfully started Local Scan

[2024-09-11 07:04:48.251413] [2454:2461] [I] LocalScanMgr : UpdateLocalScanMode : Updated Local Scan mode to EXPEDITED.

[2024-09-11 10:14:18.297630] [2454:2505] [I] LocalScanMgr : ThreadLoop : Local Scan completed, attempting to shutdown Local Scan...

[2024-09-11 10:14:18.298382] [2454:2505] [I] LocalScanMgr : ThreadLoop : Local Scan: Total files hashed = 43370

[2024-09-11 10:14:18.298391] [2454:2505] [I] LocalScanMgr : ThreadLoop : Local Scan: Total files not hashed = 70947

Note:

  • The outputs might change depending on which options you selected for the background scan.
  • The ID in above directory "E51C4A7E-2D41-4F57-99BC-6AA907CA3B40" might change from sensor to another.
  • Above scenario shows the logs of when the background was initially set to Normal and then was changed to Expedited
Powered by Wolken Software