You can perform actions on selected endpoints and their sensors from the Endpoints tab.

Procedure

  1. On the left navigation pane, click Inventory > Endpoints and click the Endpoints tab.
  2. Locate the Status column and select the check box the endpoints to take action on.
    The Take Action drop-down menu appears.
  3. Select an action:
    Option Description
    Assign policy Determines prevention behavior. Each sensor or sensor group is assigned to a policy. You can automatically assign a policy to sensors or manually assign a pre-defined policy.
    Update sensors Update the sensor version on the selected endpoint.
    Start background scan Initiate an initial, one-time inventory scan in the background to identify malware files that are pre-existing on the endpoint.
    • If the policy controlling the endpoint has background scan enabled, the sensor runs the type of scan specified in that policy (standard or expedited).
    • If the policy controlling the endpoint does not have background scan enabled, the sensor runs a standard background scan by default.

    For general information regarding how background scans are handled in Carbon Black Cloud, see: Background Scans.

    Pause background scan Release the endpoints from background scan.

    If the scan is in progress as a result of policy and you pause the background scan, it is temporarily paused. The scan restarts when the service or endpoint restarts.

    Enable bypass Disable policy enforcement on the endpoint. The sensor stops sending data to the cloud. For more information, see Bypass Reasons.
    Disable bypass Enable policy assignment to sensors.
    Quarantine assets Quarantine endpoints that are detected as interacting badly. This limits the outbound traffic and stops all inbound traffic to such endpoints.
    Unquarantine assets Release endpoints from the quarantine state.
    Uninstall sensors Uninstall macOS and Windows sensors. After you uninstall a sensor, it persists on the Endpoints page as a deregistered sensor until you delete it.
    Delete deregistered assets Completely remove the sensor from the Carbon Black Cloud console.
    Disable Live Response Disable Live Response from performing remote investigations, containing ongoing attacks, and remediating threats.
    Caution: This action cannot be undone. You must reinstall the sensor to restore Live Response.
    Query assets Run a predefined or your own SQL query against the endpoint.

Results

You are presented with a confirmation of your selected action. The status of the endpoints and their sensors updates accordingly.