Run The FAPREDEP Script
Article ID: 286517
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
To run the FAPREDEP script
Environment
- App Control Agent: All Supported Versions
- Linux: All Supported Versions
Resolution
- Download and extract the attached FAPREDEP.zip
- Stop the Linux Agent process, and unload the module via Terminal:
- Open Terminal and issue the commands:
cd /opt/bit9/bin ./b9cli --password 'GlobalCLIPassword' ./b9cli --tamperprotect 0 ./b9cli --shutdown
- Confirm the b9daemon process has stopped (it may take a few moments for the services to fully shutdown):
ps -ef | grep -i bit
- Confirm the version associated with the b9k_ module:
lsmod | grep b9k
- Unload the b9k module, then confirm it is no longer listed in the modules:
rmmod b9k_VERSION lsmod | grep b9k
- Open Terminal and issue the commands:
- Run FAPREDEP on Linux device:
sudo ./fapredep.sh
- Allow the script to run for the designated 10 minutes.
- Start the Agent:
./b9cli --startup
Additional Information
- If collecting FAPREDEP logs on multiple devices, please change the filename to HOSTNAME-fapredep.tar.tz
- If inotifywatch returns Error 127, the file may need to be copied into the relevant SCRIPTDIR for fapredep.
Command inotifywatch exited with error return 126 - If inotifywatch returns Error 126, you will have to add executable permissions to the files inotifywait and inotifywatch inside the fadredep folder.
Command inotifywatch exited with error return 127
Attachments
Feedback
Yes
No
Powered by
