You can perform actions on selected VM workloads and their sensors from the Enabled tab.
Prerequisites
Install sensors on eligible VM workloads. You can view eligible workloads in the Not Enabled tab. For information on how to install sensors on VM workloads, see the Sensor Installation guide.
Procedure
- On the left navigation pane, click Inventory > VM Workloads and select the Enabled tab.
- Locate the Status column and select the check box for one or more VM workloads you wish to take action upon.
The Take Action drop-down menu appears.
- Select an action for a single or a group of VM workload sensors.
Option Description Assign policy Use it to determine prevention behavior. Each workload sensor, or sensor group is assigned to a policy. You can set an automatic assignment of a policy to sensors or manually assign one of the pre-defined policies. Update sensors Use it to update the sensor version on the selected VM workload or the sensors on all present workloads. Start background scan Use it so that the sensor performs an initial, one-time inventory scan in the background to identify malware files that are pre-existing on the workload. - If the policy controlling the workload has background scans enabled, the sensor runs the type of scan specified in that policy. (standard or expedited)
- If the policy controlling the workload does not have background scans enabled, the sensor runs a standard background scan by default.
For general information regarding how background scans are handled in Carbon Black Cloud, see: Background Scans.
Pause background scan Use it to release the workloads from the background scan. If the scan is in progress as a result of policy and you pause the background scan, it will only be temporarily paused. The scan restarts when the service or VM workload restars.
Enable bypass Use it to disable policy enforcement on the workload. The sensor stops sending data to the cloud. For more information, see Bypass Reasons. Disable bypass Use it to enable policy assignment to sensors. Quarantine assets Use it to quarantine workloads that detect as interacting badly. This limits the outbound traffic and stops all inbound traffic to such VM workloads. Unquarantine assets Use it to release VM workloads from the quarantine state. Uninstall sensors Use it to uninstall macOS and Windows sensors. After you uninstall a sensor, it persists on the VM Workloads page as a deregistered sensor until you delete it. Delete deregistered assets Use it to completely remove the sensor from the Carbon Black Cloud console. Disable Live Response Use Live Response to perform remote investigations, contain ongoing attacks, and remediate threats. Important: This action cannot be undone. You must reinstall the sensor to enable Live Response.Query assets Use it to run a predefined or your own SQL query against the VM workload. Apply NSX Tag Use it to remediate compromised VM workloads by applying NSX distributed firewall policies with associated tags. Remove NSX Tags Use it when the vulnerable VM workloads are already remediated. Manage Sensor Gateway connection Use it to manage the connection between your sensor and Carbon Black Cloud. You can have your workloads communicate with Carbon Black Cloud either directly, or through a Sensor Gateway. For details, see Manage Connectivity to Carbon Black Cloud.
Results
You are present with confirmation of your action. The status of the workloads and their sensors updates accordingly.