You enable sensor bypass to confirm that the Carbon Black Cloud sensor is causing application interoperability, bootup, or login issues on your endpoint, and before upgrading the operating system on the endpoint.

Enabling the bypass mode removes all policy enforcement on the device. To view the reasons why a sensor might be in a bypass mode, see Bypass Reasons.

After your asset is in bypass mode, Carbon Black Cloud removes the policy enforcement. Carbon Black Cloud allows you to configure application-specific permission rules, but it does not take them into account. The sensor does not send any new data to the Carbon Black Cloud console; however, the following activities still take place:
  • The sensor logs system information locally, such as CPU and memory use.
  • The sensor maintains the local databases by removing stale records and files that are already deleted.
  • The sensor checks in to confirm configuration, policy rules, and requested sensor actions.
  • Signature updates for local scanner.
  • Repmgr is running and checks the reputations of any interesting files being accessed. This activity is recorded and stored locally. It is not uploaded to the Carbon Black Cloud console.
  • Broadcom Carbon Black Support retrieves sensor logs from the asset.
  • Endpoint activity prior to bypass enablement is available on the Investigate page.
  • Live Response and Live Query are available.