Computer '$computer$' completed the state transition of all files from '$param1$' to '$param2$'.

Note:Parameters 1 and 2 can be ‘Unapproved’ or ‘Locally Approved’.

Note:Parameters 1 and 2 can be ‘Unapproved’ or ‘Locally Approved’.

Agent configuration property '$param1$' was created as '$param2$' ($param3$) by '$username$'.

Agent configuration property '$param1$' was modified to '$param2$' ($param3$) by '$username$'.

Agent configuration property '$param1$', value '$param2$' ($param3$) was deleted by '$username$'."

Examples:

Computer retrieved Notifier Logo: Source[$param1$] Attempts[$param2$].

Agent configuration property 'KernelWriteExcludePattern' was modified to '/opt/apps/*' (Enabled) by '[email protected]'.

Agent configuration property 'protocol_message_versions (Linux)' was modified to 'protocol_message_versions=1:4,2:1,3:1,5:4,6:7,7:5,8:3,9:4,10:1,11:1,12:2,13:1,14:1,15:2,16:1,18:1' (Disabled) by '[email protected]'.

Carbon Black App Control Agent had to restore its primary database cache.

Carbon Black App Control Agent had to rebuild its primary database cache and now has to re-initialize.

Carbon Black App Control Agent detected a cache integrity problem.

Unknown error initializing database pool.

Carbon Black App Control Agent had to restore its primary database cache.

Carbon Black App Control Agent had to rebuild its primary database cache and now has to re-initialize.

Carbon Black App Control Agent failed to upgrade its database.

Carbon Black App Control Agent failed to connect to its cache database.

Carbon Black App Control Agent failed to read config list from file.

Carbon Black App Control Agent failed cache verification.

Computer '$computer$' deleted $param1$ events.

Note:Param1 is a numeric value.

Computer '$computer$' changed Enforcement Level from '$param1$' to '$param2$'.

Note: Parameters 1 and 2 are one of the Enforcement Levels or “Local Approval”.

Unsupported kernel [$kernelversion$] running. Agent will not track files.

Carbon Black App Control Agent was unable to communicate with the kernel. Agent may be unprotected

Unable to connect to the Kernel. Agent will not track files.

Computer failed to receive Notifier Logo: $logoFilePath$.

Free space on Carbon Black App Control Agent drive is low: Drive[$letter$:] Available[$param1$] Total[$param2$] Free[$param3$] Threshold[$param4$]

Upload failed: Retry limit exceeded. File upload canceled for file '$filePath$'. Attempts[$param$]

Info/

Error/

Warning

Carbon Black App Control Agent is healthy. Options[$param1$].

Carbon Black App Control Agent failed a health check. ErrorsFound[$param2$] Options[$param1$]

Carbon Black App Control Agent detected a problem: $param1$. $param2$

Timestamp of events from computer $computer$ are $param1$ day(s) in the $param2$

Timestamp of events from computer $computer$ are within expected range

Service control notification on '$computer$': $param1$.

Session change on '$computer$': $param1$.

System time change on '$computer$': $param1$.

Policy change was scheduled for computer '$computer$' from '$param1$' to '$param2$'.

Computer '$computer$' updated Policy from version '$param1$' to '$param2$'.

Carbon Black App Control Agent has started, version $param1$.

Carbon Black App Control Agent was stopped because of a system shutdown.

Computer '$computer$' finished resynchronizing its local state with the Carbon Black App Control Server. (Reason: ‘$param2$’).

Note: Param2 is one of the following: ‘Agent queue size grew too large’, ‘Server request during agent initialization was deferred’, ‘Server request during agent cache consistency scan was deferred’, ‘Server request’, ‘Agent did not have enough history’, ‘Protocol error’, ‘Agent CLI Request’

User '$username$' has requested resynchronization of computer '$computer$' with the Carbon Black App Control Server.

Computer '$computer$' started resynchronizing its local state with the Carbon Black App Control Server (Reason: $param2$).

Carbon Black App Control Server scheduled an auto resync on '$computer$' because agent appears to have gone back in time ($param1$/$param2$).

Note: Param1 is the server’s expected sequence number of an action. Param2 is the sequence number sent by the agent, which can be used for diagnostic purposes with Carbon Black Support.

Cache consistency check stopped Level [$param1$] $param2$

Cache consistency check complete: $param1$ optimizations made, $param2$ corrections.

Note: Param1 is cache consistency level. Param2 is a series of values for diagnosis of what was done during the check, and also indicates whether the check ran to completion (“Successful[1]”) or stopped before completion (“Successful[0]”).

User ‘$userName$’ requested a cache consistency check Level[$param1$] Options[$param2$] for computer ‘$computer$’]

Note: Param1 is the consistency check level chosen by the user and param2 indicates any option checkboxes chosen, such as “Full scan of new files”.

Carbon Black EDR Sensor Version '$param1' installed and '$param2'.

Carbon Black EDR Sensor is not installed.

Note: param1 is the Carbon Black EDR sensor version; param2 is the sensor state (e.g., ‘Running’).

Computer '$computer$' was modified by '$username$'.

Computer '$computer$' was moved into the Policy '$policyName$' by '$username$'.

Computer '$computer$' was modified by '$username$' to use automatic Policy assignment.

Computer '$computer$' was restored to its previous Policy by '$username$'.

Computer '$computer$' was scheduled for re-registration by '$username$'.

Duplicate computer '$computer$' with address '$param1$' was re-registered.

Computer from '$param1$' changed its name from '$param2$' to '$param3$'.

Agent upgrade for computer '$computer$' was requested by '$username$'.

User '$userName$' requested deletion of diagnostic files from computer '$computer$.

If the deletion failed because it was a file from a protected publisher:

File deletion failure of 'emet_gui.exe' [2024F...41CCD] from MYCORP\LAPTOP3. Error: Microsoft File

If the deletion failed because the agent version doesn’t support server-based deletion:

File deletion failure of 'emet_gui.exe' [2024F...41CCD] from MYCORP\LAPTOP3 because this Agent version doesn’t support it.

If the deletion failed because the file is no longer present on the computer and not in its inventory:

File deletion failure of 'tryme.bat' [76C7F...BD915] from MYCORP\DESKTOP8. Error: Delete Error[C0000034]

If a file is exists in a computer’s inventory but is not on disk:

File deletion processed with file not found for [EDBD7...12F06] from MYCORP\DESKTOP9

If the request was to delete a file from one computer:

User 'admin' requested file deletion of all instances of [2488C...558F1] from MYCORP\DESKTOP6.

If the request was to delete a file from all computers:

User 'admin' requested file deletion of all instances of [FBAD9...34F00] from 100 computer(s).

If the request was to delete a file came from an Event Rule:

User 'System' requested file deletion of all instances of [81027...576DA] from MYCORP\DESKTOP6.

Agent on computer '$computer$' is unable to process required update '$param1$' from Carbon Black App Control Server.

Agent on computer '$computer$' is unable to download required update '$param1$' from Carbon Black App Control Server.

User '$username$' canceled upload of file [$hash$] from computer '$computer$'.

User '$username$' canceled upload of file '$filepath $' from computer '$computer$'.

Upload of file [$hash$] from computer '$computer$' completed.

Upload of file '$filePathAndName$' from computer '$computer$' completed.

User '$username$' deleted uploaded file [$hash$].

User '$username$' deleted uploaded file '$filePathAndName$'.

Upload of file [$hash$] from computer '$computer$' failed because of error $description$.

Upload of file '$filePathAndName$' from computer '$computer$' failed because of error $description$.

User '$username$' requested upload of file [$hash$] from computer '$computer$'.

User '$username$' requested upload of file '$filePathAndName$' from computer '$computer$'.

Upload of file [$hash$] from computer '$computer$' was requested by Event Rule '$ruleName$'.

Updates prioritized for computer '$computer$' by user '$userName$'.

Prioritization of updates removed for computer '$computer$' by user '$username$'.

User '$userName$' requested all Policy rules be resent to computer '$computer$'.

User '$userName$' requested all Policy rules be resent to computer '$computer$' using shared file.

Unauthorized connection attempt: Pid[$processId$] Address[$IPaddress$] to the Notifier client interface

The $fileState$ file '$filePathAndName$' [$hash$] is set to run automatically: $param2$."

Note: fileState is the state of the file in Carbon Black App Control (e.g., Unapproved or Banned). Param2 is a description of the file source (e.g., Service [Microsoft Network Inspection]). The case referred to in the second description does not occur for agents in Low enforcement, and only once per file unless there is a reboot.

User '$username$' has disabled Tamper Protection on computer '$computer$'.

User '$username$' has generated temporary Policy override code for computer '$computer$' with Enforcement Level '$param1', valid for $param2$ minutes.