You can use the Carbon Black Cloud console to enable a one-time background scan on any endpoint sensor assigned to a policy.

Procedure

  1. In the left navigation pane, click Enforce > Policies.
  2. Select the policy to modify.
  3. Click the Sensor tab and select Run background scan.
    • Standard (processes a maximum of 20 files per minute) is recommended as the default.
    • Expedited (processes 100 files per minute) is recommended for testing and emergency incidents.
      Important: Increased use of asset resources (CPU, memory, disk I/O) affects system performance. This applies only to Windows sensors version 3.3 and later, and Linux sensors version 2.12 and later.
  4. Click Save.

Results

After the scan starts, its current state is logged to the NT Event Log or syslog together with the BACKGROUND SCAN tag. RepMgr logs status on each start and then again every 24 hours. When the scan completes, a BACKGROUND SCAN: COMPLETE message is displayed.

All background scans that run based on policy are logged in the Windows Application Logs under Event ID 17.

Note: After executing a background scan, you must use an on-demand scan if you need to run a second or subsequent scan.
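
To confirm the scan outcome across several Linux endpoints, the BACKGROUND SCAN lines described under Results can be tallied per host from forwarded syslog. The following is an added example, not Carbon Black code: only the BACKGROUND SCAN tag and the BACKGROUND SCAN: COMPLETE message come from this page, while the line layout (ISO-8601 timestamp, then host), the other state texts, the host names and the one-hour grace period are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

TAG = "BACKGROUND SCAN"              # tag named on this page
DONE = "BACKGROUND SCAN: COMPLETE"   # completion message named on this page
# Status is re-logged every 24 hours; the extra hour of grace is an assumption.
STALE_AFTER = timedelta(hours=25)

# Assumed layout: "<ISO-8601 timestamp> <host> <rest of message>"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

# Constructed sample input; everything except TAG and DONE is invented.
SAMPLE = """\
2024-05-01T08:00:00+00:00 web01 sensor[411]: BACKGROUND SCAN: state text A
2024-05-01T08:05:00+00:00 web01 sshd[900]: Accepted publickey for deploy
2024-05-02T08:00:00+00:00 web01 sensor[411]: BACKGROUND SCAN: state text B
2024-05-02T19:30:00+00:00 web01 sensor[411]: BACKGROUND SCAN: COMPLETE
2024-05-01T09:00:00+00:00 db01 sensor[77]: BACKGROUND SCAN: state text A
2024-05-03T11:00:00+00:00 app01 sensor[52]: BACKGROUND SCAN: state text A
"""

def scan_status(log_text, now, expected_hosts=()):
    """Return {host: 'complete' | 'running' | 'stalled' | 'never-started'}."""
    last_seen, complete = {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or TAG not in m.group(3):
            continue                     # unrelated syslog line
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue                     # not in the assumed layout
        host = m.group(2)
        last_seen[host] = max(ts, last_seen.get(host, ts))
        if DONE in m.group(3):
            complete.add(host)
    result = {h: "never-started" for h in expected_hosts}
    for host, ts in last_seen.items():
        if host in complete:
            result[host] = "complete"
        elif now - ts > STALE_AFTER:
            result[host] = "stalled"     # no status line within the interval
        else:
            result[host] = "running"
    return result

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-03T12:00:00+00:00")
    hosts = ["web01", "db01", "app01", "mail01"]
    for host, state in sorted(scan_status(SAMPLE, now, hosts).items()):
        print(f"{host}: {state}")
```

Hosts reported as stalled or never-started are the ones to check for sensor version, policy assignment, or a scan that has already run once and now needs an on-demand scan.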