You can use RepCLI to locally manage certain Windows sensor functions.
RepCLI is included in Windows sensors beginning with version 3.3.0.953 on all supported Windows operating systems. RepCLI is located in C:\Program Files\Confer.
Active Directory-based SID authentication provides full access to all RepCLI commands for Windows sensors. Not all commands require authentication. To enable authentication, see Enable RepCLI Authentication for Windows Sensors.
To run RepCLI, open a command prompt window and change to the appropriate directory. Run RepCLI commands in this window; for example, repcli status
. Commands should be on a single line.
The following RepCLI commands are available for Windows sensors:
Command | Description | Authentication Required? | Example |
---|---|---|---|
bypass | Enables (1) or disables (0) bypass mode. | Yes | repcli bypass 0 |
capture | Generates logs for support. The logs are written as a single compressed file named confer-temp.zip or psc_sensor.zip. Only CLI_USERS have access to the file. | No | repcli capture C:\Windows\Temp |
cloud <argument> | Sensor checks in with the Carbon Black Cloud console. For a list of arguments, run repcli cloud . |
Yes | repcli cloud hello |
compliance scan | Performs compliance scan and returns rules ran PASS/FAIL for each rule and aggregated result number of rules run, score, percentage, and so forth. | Yes | repcli compliance scan |
deviceid | Returns the Device ID value in the cfg.ini file. |
No | repcli deviceid |
find | Searches for <filename> or <hash> in the database and displays file-related information. | Yes | repcli find cbtest.exe |
lastlivequerytime | Displays the last time that a LiveQuery session was run. | No | repcli lastlivequerytime |
status | Displays sensor state values such as version, cloud status, queue status, diagnostic status, enforcement status, and recent sensor alarms. | No | repcli status |
switchsensorgateway | Changes the connecion between the Carbon Black Cloud sensor and Carbon Black Cloud from:
|
No | repcli switchsensorgateway <directory of captured psc_sensor>/system_info/sgw_config.json |
updateavsignature | Initiates update of local scanner signatures. You can confirm the update by running the RepCLI status command. | No | repcli updateavsignature |
updateavsignature wait | Performs a synchronous update of local scanner signatures and returns success/failure as output. | No | repcli updateavsignature wait |
updateconfig | Directs RepMgr to read updated values from the cfg.ini file. | No | repcli updateconfig |