The Computers page provides a table of computers and information about them, including their platform, policies, Enforcement Levels, and whether they are currently connected to the server. As with most console tables, you can add or remove details shown in the table using the Columns button.

You also can use the Filters panel or Search field to limit the computers shown to those you are most interested in. For more about customizing your view, see Console Tables.

In addition to the table of agent-managed computers, the Computers page shows the following information:

  • Computers connected – Shows the number of computers running the agent that are currently connected to the server.
  • Total computers – Shows the total number of computers that are currently members of security policies managed by the server.
  • Current CL version – Shows the version number of the latest Configuration List (CL) available from the server. This can be used to help determine whether the CL for a particular agent is out of date. Note, however, that some CL versions are agent-specific, so the fact that the CL version for an agent doesn’t exactly match the CL version shown here does not automatically mean the agent is out of date.
  • CL version for upgrade – Shows the minimum CL version that an agent must have before it can be upgraded. Earlier versions might be missing rules, such as approvals needed for upgrade packages, required for upgrade.

View the Table of Computers

Use this procedure to view the table of computers managed by your Carbon Black App Control Server.

Procedure

  1. In the console menu, choose Assets > Computers. The Computers page appears:
    The computers page
  2. The Search field provides a way to search for computers by name (or partial name), IP Address, or Policy to reduce the length of the Computers table and help you find the systems you want. Enter the string you want to match against computer names and then click Go. Click Clear to restore the list that appeared prior to the search.
  3. Saved Views provide another way to limit the Computers table to systems matching certain characteristics:
    • Choose Active Computers to see currently active (not deleted) computers.
    • Choose Carbon Black EDR Deployments to see computers grouped by whether they have had a Carbon Black EDR sensor installed on them.
    • Choose Cloned Computers to see computers that have been cloned from a template computer. See Managing Virtual Machines for details.
    • Choose Computers in Local Approval to see previously locked down computers that have received approval from the server to install software in Local Approval mode.
    • Choose Computers Requiring Upgrade to see computers running agents that are not up to the current version.
    • Choose Connected Computers to see only computers running agents that are currently connected to the server.
    • Choose Disconnected Computers to see computers running agents that are not currently connected to the server.
    • Choose Duplicate Computers to see computers that have the same name as other computers in your App Control database. See Duplicate Computers for details.
    • Choose Template Computers to see computers that are templates for cloned computers. See Managing Virtual Machines for details.
    • Choose (none) to return to the complete list of computers managed by this server.
    • Other Saved Views may be available if you or another console user created them.
  4. You can click on Show Filter and/or Show Columns to open the Filters and Column Settings interface, which let you further customize your view of the Computers table.

    Table: Computer Details provides descriptions of the fields available on the Computer Details page, most of which are also available in the Computers table, either by default or by customization.

Agent Policy Status

The Computers table includes a column called Policy Status, which indicates whether the agent for each listed computer is up to date with the App Control Server rules that apply to it.

Notice that this field does not appear on the Computer Details page.

Note: During system initialization, the computer is already protected at the Enforcement Level associated with its security policy.

The computers table with Policy Status column highlighted

Table 1. Policy Status Messages

Policy Status

Description

Up to date

Agent Enforcement Level, policy, and rules are all up to date.

Policy out of date

Agent is not up to date on changes to its policy.

Approvals out of date

Agent rules (including file approvals or bans, trusted users, publisher rules, updater rules, device rules, memory rules and registry rules) are out of date.

Enforcement Level out of date

Agent Enforcement Level is out of date.

Out of date

Agent is out of date on more than one of these: Enforcement Level, policy, or other rules.

Unprotected

Agent is unprotected because of an upgrade failure.

Yara rules out of date

Agent does not have up-to-date Yara rules. Yara rules help identify malicious files.

Actions on Selected Computers

The Action menu on the Computers page has commands that can be applied to one or more computers.

You select a computer for action by checking the box to the left of its row.

The Action menu

The actions include deleting, upgrading (if enabled), tagging, and rebooting computers, and moving the computers to different policies. Additional commands available on this menu are described in the Actions and Advanced sections of Computer Details.