Field |
Description |
---|---|
Computer name |
Network name for the computer. |
IP address |
IP address for the computer. This may be an IPv4 or IPv6 address – if the Carbon Black App Control Server is configured for IPv6, agents will attempt to connect via IPv6 first. |
Identifier |
MAC address for the computer. (Option in table only) |
Connection status |
Status of computer’s communication with the Carbon Black App Control Server:
The Computers table also includes a circle icon in the Connection status field that indicates connection and agent status: (Blue) – Connected, up to date (Gray) – Disconnected (Yellow) – Connected, out of date (agent out of date, requires reboot, or other reasons) (Clear with Gray Border) – Template computer (Red) – Connected, health check failed; indicates that the agent needs immediate attention. Collect the Health Check Events for this computer and contact Carbon Black Support. Red may also appear if the agent is unprotected because a reboot is required or the kernel on the system is unsupported. |
Health Check |
Agent health status. The health check includes a series of tests to see whether the agent is working properly. If the value is Passed, there are no known health issues with the agent on this computer. If the value is Failed, there is an issue with at least one aspect of agent health. In this case, click Health Check Events on the Computers Details page and contact Carbon Black Support. Note: Health checks run automatically, but if you have addressed an agent problem and want to be sure the agent is healthy, you can force a health check using the Run health check command on the Other Actions menu of the Computer Details page. |
Platform |
The basic operating system platform of this computer. Possible values are Windows, Mac, and Linux. The System Details tab of the Computer Details page shows additional detail. |
Days Offline |
If a computer is disconnected, adding this column to the Computers table shows how long it has been disconnected, and allows filtering by number of days. |
Upgrade status |
Agent upgrade status of this computer. See Agent Upgrade Status for status options. On the Computer Details page, only appears for computers requiring upgrade. |
Upgrade error time |
If an error occurred on agent upgrade, the time of that error. On the Computer Details page, only appears for computers on which an upgrade was attempted. |
Policy status |
Status (up-to-date or not, etc.) for the policy protection of this computer. See Agent Policy Status for details. |
Description |
Optional information about this computer, displayed on the Computer Details page. When entering or editing this text on the details page, click the Update Computer button to save. |
Computer tag |
Optional text string you can add to identify groups of computers that you might want to get reports about or treat in a particular way. A tag offers an alternative to policies as a way to identify groups of computers. For example, you might want to apply a Low (Monitor Unapproved) policy to all computers in your office but be able to track file activity in more specific reports for computers in tagged subgroups such as sales or accounting. Tags may be set on the Computer Details page for one computer or on the Computers page Action menu for multiple computers. |
Policy |
Currently assigned policy for the computer. |
Policy Mode |
Security mode in which this policy is operating. The choices are Visibility, Control, and Disabled. |
Connected Enforcement |
Assigned Enforcement Level while the computer is in communication with the Carbon Black App Control Server. To change this setting for this computer and its fellow policy members, edit the policy. If the Enforcement Level is not up to date with changes to the policy on the server, “(out of date)” will be appended. |
Virtualized |
Indicates whether this computer is a virtual machine (Yes, No). On the Computer Details page, this is combined with Virtual Platform into a single field on the System Details tab. |
Virtual Platform |
If this is a virtual machine, the virtualization platform used to generate it. Current values are blank, VMware, and Unknown. On the Computer Details page, this is combined with Virtualized into a single field on the System Details tab. |
Clone Inventory |
For a template computer, shows whether the inventory for clones created from this template includes All Files (including those from the template image) or just New and Modified Files (since creation of each clone). Blank for non-template computers. See Managing Virtual Machines for more details. |
Inventory |
If this is a virtual machine, shows whether the inventory for this clone includes All Files (including those from the template image) or just New and Modified Files (since creation of this clone). Field is blank for non-clone computers. See Managing Virtual Machines for more details. |
Save(button) |
Applies changes made to the Description and Computer tag in the General panel of the Computer Details page. |
Cancel(button) |
Clears unsaved changes made to the Description and Computer tag if you click it before you click the Save button. Page reverts to the settings in effect before you began editing. |
Field | Description |
---|---|
App Control Agent tab |
|
CL Version |
Configuration List version number indicates synchronization of a computer with server rules. If not current, “(out of date)” appears with the number. Compare the computer’s CL version with the current server CL version on the Computers page. Details pages for many rules also shows the CL version in which the current rule definition was introduced. For use with Carbon Black Support.
Note:
Rarely, you may see this message next to the CL Version: Agent did receive but is not enforcing all the rules yet. This means the agent is still processing the rules it received, and some rules may not be fully functional. The message (and the state it represents) disappears within a few minutes. |
Debug Level ( Agent Debug Level in table) |
Shows current debug level for this agent, indicating the amount of debugging information collected from it. This can be changed on the Advanced menu. For use with Carbon Black Support. |
App Control Agent Version |
Version number of the agent installed on this computer. |
Enabled Trusted Directories |
Number of Trusted Directories now enabled on this computer. See Approving by Trusted Directory for details. |
Tamper Protect |
Status of agent tamper protection features (Enabled or Disabled). |
Connection History tab |
|
First Registered |
Date and time this computer first registered with its server. |
Last Polled |
Date and time this agent last polled the Carbon Black App Control Server for updated information and provided updated file information to the server. Agents may poll every 30 seconds, or as seldom as every 10 minutes if the agent is in “sleep” state because the server has no new information about policy changes, approvals, etc. |
Last Register Date |
Date and time the agent last connected to the server. |
Synchronization( %Synchronization in table) |
Percent of file information synchronization between this agent and its Carbon Black App Control Server. Appears only after initialization is complete. |
Initialization( % Initialization in table) |
During initialization, shows the percent of initialization that is complete. Shows as “Complete” after initialization reaches 100%. |
Server Backlog |
The number of files received from this computer but not yet fully processed on the server. Backlogged files appear in the File Catalog but not in the Files on Computers tab or Find Files page. |
Last logged in user(s) |
User(s) logged in when the computer last connected to the Carbon Black App Control Server. If AD integration is enabled, click this field for more information about the user. |
Policy Override tab |
|
|
Allows generation of a code to temporarily change the Enforcement Level of a disconnected computer. See Using Timed Policy Overrides. |
System Details tab |
|
Computer Model |
Model of this computer. Also identifies virtual machines. |
Processor |
Model, speed, and number of processors for this computer. |
Installed Memory |
Amount of memory installed on this computer. |
Operating System/Operating System Details |
Operating system version on this computer. In the Computers table:
On the Computer Details page, the Operating System field shows full details. |
Virtualized |
Indicates whether the computer is a virtual machine, and if so, its platform. Possible values are: No, Yes (VMware), Yes (Unknown) |
AD Details tab |
|
|
Clicking this tab shows any additional computer details available through Active Directory. No information is added if AD integration is not enabled or the AD server is unavailable. |
Carbon Black EDR tab |
|
Sensor Version ( Carbon Black EDR Version in table) |
The version of the Carbon Black EDR sensor installed on this computer. |
Carbon Black EDR Status (in table) Last Status (on Details page)
|
This field shows the last Carbon Black EDR sensor status for this computer, as reported by the Carbon Black App Control Agent to the Carbon Black App Control Server. The Carbon Black App Control Server checks Carbon Black EDR sensor status every 30 minutes, and so status changes may be out of sync for up to that amount of time. The possible values for Carbon Black EDR Status in the table are:
On the Details page, the Last Status field on the Carbon Black EDR tab is similar to Carbon Black EDR Status in the table. However, it does not appear if sensor status is Unknown. Values are:
Note:
|
Uptime |
Number of minutes and hours that the Carbon Black EDR sensor has been running since it was last started. |
Computer Status |
The status of this computer reported by the Carbon Black EDR server. |
Registration Time |
The date and time the Carbon Black EDR sensor on this computer registered with its server. |
Last Checkin |
The date and time the Carbon Black EDR sensor on this computer last checked in with its server. |
Next Checkin |
The date and time of the next scheduled server checkin for the Carbon Black EDR sensor on this computer. |
More Information |
Connects to the login page of the Carbon Black EDR server configured on the System Configuration page Licensing tab. Logging in takes you to the Sensors page on the Carbon Black EDR console so you can view additional details about this computer. You must have valid login credentials for the Carbon Black EDR server to successfully open its console. |
Menu/Options | Description |
---|---|
Related Views menu |
|
Recent Events |
Opens the Events page and shows recent events (if any) for which this computer was the source. |
Health Check Events |
Opens the Events page and shows health check events for this computer. Use this information for troubleshooting an agent health check failure with Carbon Black Support. You can save the resulting events using the Export to CSV link on the events page. |
Files on this Computer |
Opens the Find Files page to list all tracked files on this computer. |
Carbon Black EDR Details |
Opens a new browser window or tab showing the login page of the Carbon Black EDR server configured on the System Configuration page Licensing tab. Logging in takes you to the Sensors page in Carbon Black EDR so you can view additional details about this computer. Link appears only if Carbon Black EDR server is configured. You must have valid login credentials for the Carbon Black EDR server to successfully open its console. |
Actions menu |
|
Change Policy |
The dropdown menu provides an alternate way to move the computer into another policy. One of the policies available on this menu is Local Approval, which you can use to temporarily place this computer in Local Approval mode. Click the Go button to apply the change. If this computer had its policy assigned automatically, Automatic shows next to the Go button and the menu is not active. You can un-check the Automatic checkbox to remove automatic assignment and then choose a policy from the menu. |
Prioritize Updates/Remove Prioritization of Updates |
Temporarily increases the priority of this computer for receiving upgrades to the agent and configuration lists from the App Control Server. A disconnected host can be prioritized while disconnected and the state will be respected when agent comes online next time. Once a computer has been prioritized, this link changes to Remove prioritization of updates. You also can click Remove prioritization... to downgrade a prioritized computer immediately. Once it is up-to-date in all respects, an agent that had Prioritize Updates applied to it automatically returns to normal priority. An agent may also be assigned permanent prioritization status. This is done automatically for computers hosting Trusted Directories. Permanent prioritization also may be assigned through a command on the Advanced/Other Actions menu.The Remove prioritization... command removes both permanent and one-time prioritization. |
Request Agent Upgrade/Remove Agent Upgrade Request |
Request Agent Upgrade schedules this agent for an immediate upgrade. Appears only if the agent is eligible for upgrade. Remove Agent Upgrade Request removes the upgrade request and so the agent is not forced to upgrade. This appears only if you have previously scheduled an immediate upgrade request. The options apply only to policies with automatic agent upgrades enabled (See Advanced Configuration Options). |
Add files to Snapshot |
Adds the list of files on this computer (as stored in the App Control Server database) to a snapshot of files. You can use a snapshot to determine how far each of the computers on your App Control Server network have drifted from a baseline of known files. Files in a snapshot can have a variety of statuses; if the snapshot contains banned files, they remain banned. See Managing Snapshots for more detail. There are two options on this menu:
|
Advanced menu |
|
Convert to Template |
Converts the current computer to an App Control computer template, after which clone computers created from the template’s image (using third-party virtualization/imaging solutions) can be better managed. See Managing Virtual Machines for more details. |
Set Debug Level |
Changes the amount of debugging information collected from the agent on this computer. For use with Carbon Black Support. |
Configure Agent Dumps |
Changes the amount of information included in file dumps from the agent on this computer. For use with Carbon Black Support. |
Disable/Enable Tamper Protection |
If agent tamper protection is enabled, clicking Disable Tamper Protection disables it. If protection is disabled, clicking Enable Tamper Protection enables it. Disabling tamper protection is not recommended unless required to solve a particular problem, and the feature should be re-enabled as soon as possible. |
Other Actions submenu |
Less frequently needed agent management features, often for use in conjunction with Carbon Black Support. The options are:
|
Change Local State |
This menu allows you to locally approve all unapproved files on the computer. You might choose to do this if you have added a large number of known-good files to a computer after initialization. |
Perform Cache Consistency Check |
A cache consistency check ensures that the agent on this computer has accurate information about the files actually present. It is necessary only if the agent was not running during a time when files were written to the computer. If the agent requires updating due to the consistency check, any differences are also sent to the server. Changes in the file cache may affect whether or not a file is approved. You can choose one of three levels of cache consistency checking from the menu:
In addition to the menu options, there are three checkboxes that can modify the consistency check:
This consistency check is a troubleshooting feature normally used in consultation with Carbon Black Support. Depending upon the option you choose, a cache consistency check could be a time-consuming operation. |