You enable sensor bypass when you want to confirm that the Carbon Black Cloud sensor is causing application interoperability, bootup, or login issues on your end device, and prior upgrading the operating system on your device.
Enabling the bypass mode removes all policy enforcement on the device. For information on the various reasons for the sensor to be in a bypass mode, see Bypass Reasons.
Once your device is into bypass mode,
Carbon Black Cloud removes the policy enforcement and although it allows you to configure application-specific permission rules, it does not take them into account. The sensor does not send any new data to the
Carbon Black Cloud console, but the following activities are still taking place.
- The sensor logs system information locally, such as CPU and memory use.
- The sensor maintains the local databases by removing stale records and files that are already deleted.
- The sensor checks in to confirm configuration, policy rules, and requested sensor actions.
- Signature updates for local scanner.
- Repmgr is running. It checks the reputations of any interesting files being accessed. This activity is recorded and stored locally. It is not uploaded to the Carbon Black Cloud console.
- Carbon Black Cloud Support retrieves sensor logs from the device.
- Device activity, prior to bypass enablement, is available on the Investigate page.
- Live Response and Live Query are available to use.