Alerts that mention devices being "without fully operational sensors"

Severity:
10

Reason: 
Detected <SensorCount> devices without fully operational sensors, likely due to your organization’s firewall, proxy, or network settings. View the devices (https://<Backend>/inventory/endpoints?s[query]=<Max10AffectedDeviceIDs>), then remediate (https://knowledge.broadcom.com/external/article?articleNumber=292087)

Devices which are having issues with getting Content Manifests should be considered only partially functional or not fully protected. This issue should be remediated as soon as possible. Funtions that may not work correctly until this is resolved include:

• A large percentage of Carbon Black Cloud Endpoint Standard blocking capabilities
• Device control 
• Enterprise EDR event collection
• Policy rule changes (blocking and isolation sules)
• Host-based firewall
• Unified Binary Store (UBS)
• XDR event collection

• Carbon Black Cloud Sensor: All Supported Versions
• Microsoft Windows: All Supported Versions
• macOS: All Supported Versions
• Linux: All Supported Versions

Sensors are receiving errors when downloading content manifest updates from content.carbonblack.io

1. For information on how to resolve this issue see Troubleshooting ManifestDownloadFailure alarms
2. The alert will state the full count of impact devices, but only list a maximum of 10 in the provided URL. If a full list is needed see find devices impacted by ManifestDownloadFailure or ContentDownloadFailure
3. If additional assistance is required, open a Technical Support Case.

• This alert was not functioning/triggering for an extended period of time, but was restored on 1/23/26.
• The backend job that creates these alerts only triggers once per day.
• It is possible to search just for these Alerts in order to speed up the review process

  threat_id:4444A5745019BA07569170443EB7DC3F AND reason_code:CONTENT_CONNECTION_ERROR