You can perform actions on selected VM workloads and their sensors from the Enabled tab.

Prerequisites

Install sensors on eligible VM workloads. You can view eligible workloads in the Not Enabled tab. For information on how to install sensors on VM workloads, see the VMware Carbon Black Cloud Sensor Installation Guide.

Procedure

  1. Log in to the Carbon Black Cloud console and navigate to the Inventory > VM Workloads > Enabled tab.
  2. Locate the Status column and select the check box for one or more VM workloads you wish to take action upon.
    The Take Action drop-down menu appears.
  3. Select an action for a single or a group of VM workload sensors.
    Option Description
    Change policy Use it to determine prevention behavior. Each workload sensor, or sensor group is assigned to a policy. You can set an automatic assignment of a policy to sensors or manually assign one of the pre-defined policies.
    Update sensors Use it to update the sensor version on the selected VM workload or the sensors on all present workloads.
    Enable bypass Use it to disable policy enforcement on the workload. The sensor stops sending data to the cloud.
    Disable bypass Use it to enable policy assignment to sensors.
    Uninstall sensors Use it to uninstall macOS and Windows sensors. After you uninstall a sensor, it persists on the VM Workloads page as a deregistered sensor until you delete it.
    Delete deregistered assets Use it to completely remove the sensor from the Carbon Black Cloud console.
    Disable Live Response Use Live Response to perform remote investigations, contain ongoing attacks, and remediate threats
    Query assets Use it to run a predefined or your own SQL query against the VM workload.
    Disable background scan Use it to release the workloads from the background scan.
    Enable background scan Use it so that the sensor performs an initial, one-time inventory scan in the background to identify malware files that are pre-existing on the workload.
    • If the policy controlling the workload has background scans enabled, the sensor runs the type of scan specified in that policy.
    • If the policy controlling the workload does not have background scans enabled, the sensor runs a standard background scan by default.
    Quarantine assets Use it to quarantine workloads that detect as interacting badly. This limits the outbound traffic and stops all inbound traffic to such VM workloads.
    Unquarantine assets Use it to release VM workloads from the quarantine state.
    Apply NSX Tag Use it to remediate compromised VM workloads by applying NSX distributed firewall policies with associated tags.
    Remove NSX Tags Use it when the vulnerable VM workloads are already remediated.

Results

You are present with confirmation of your action. The status of the workloads and their sensors updates accordingly.