You can use the Carbon Black Cloud console to enable the running of a one-time background scan on any endpoint sensor assigned to a policy.

Procedure

  1. In the left navigation pane, click Enforce > Policies.
  2. Select the policy to modify.
  3. Click the Sensor tab and select Run background scan.
    • Standard: (processes maximum 20 files per minute) is recommended as the default.
    • Expedited: (processes 100 files per minute) is recommended for testing and emergency incidents.
      Important: System performance is affected due to increased use of asset resources (CPU, memory, disk IO). Applies only to Windows sensors version 3.3 and later and Linux sensors version 2.12 and later.
  4. Click Save.

Results

After it is initiated, the current background scan state is logged to the NT Event Log or syslog together with the "BACKGROUND SCAN" tag. RepMgr logs status on each start and then again every 24 hours. The scan completed status message is "BACKGROUND SCAN: COMPLETE."

All background scans that run based on Policy are logged in the Windows Application Logs under Event ID 17.