You can perform actions on selected VM workloads and their sensors from the Enabled tab.

Prerequisites

Install sensors on eligible VM workloads. You can view eligible workloads in the Not Enabled tab. For information on how to install sensors on VM workloads, see the Sensor Installation guide.

Procedure

  1. On the left navigation pane, click Inventory > VM Workloads and select the Enabled tab.
  2. Locate the Status column and select the check box for one or more VM workloads to take action on.
  3. Select an action from the Take Action dropdown menu.
    Option Description
    Add to asset groups Displays only if you are using asset groups to manage your VM workloads. This option lets you add selected VM workloads to specified asset groups.
    Remove from asset groups Displays only if you are using asset groups to manage your VM workloads. This option lets you remove selected VM workloads from specified asset groups.
    Assign policy Determines prevention behavior. Each workload sensor is assigned a policy. You can set an automatic assignment of a policy to sensors or manually assign one of the pre-defined policies.
    Update sensors Updates the sensor version on the selected VM workload or the sensors on all present workloads.
    Start background scan The sensor performs an initial, one-time inventory scan in the background to identify malware files that are pre-existing on the workload.
    • If the policy controlling the workload has background scans enabled, the sensor runs the type of scan specified in that policy. (standard or expedited)
    • If the policy controlling the workload does not have background scans enabled, the sensor runs a standard background scan by default.

    For general information regarding how background scans are handled in Carbon Black Cloud, see Background Scans.
    Pause background scan Releases the workloads from the background scan.

    If the scan is in progress as a result of policy and you pause the background scan, it is temporarily paused. The scan restarts when the service or VM workload restarts.
    Enable bypass Disables policy enforcement on the workload. The sensor stops sending data to the cloud. For more information, see Bypass Reasons.
    Disable bypass Enables policy assignment to sensors.
    Quarantine assets Quarantines workloads that are detected as interacting badly. This limits the outbound traffic and stops all inbound traffic to the VM workloads.
    Unquarantine assets Releases VM workloads from the quarantine state.
    Uninstall sensors Uninstalls macOS or Windows sensors. After you uninstall a sensor, it persists on the VM Workloads page as a deregistered sensor until you delete it.
    Delete deregistered assets Completely removes the sensor from the Carbon Black Cloud console.
    Disable Live Response Use Live Response to perform remote investigations, contain ongoing attacks, and remediate threats.
    Important: This action cannot be undone. You must reinstall the sensor to enable Live Response.
    Query assets Runs a predefined or your own SQL query against the VM workload.
    Apply NSX Tag Remediates compromised VM workloads by applying NSX distributed firewall policies with associated tags.
    Remove NSX Tags Remove NSX tags when the vulnerable VM workloads are already remediated.
    Manage Sensor Gateway connection Manages the connection between your sensor and Carbon Black Cloud. You can have your workloads communicate with Carbon Black Cloud either directly, or through a Sensor Gateway. For details, see Manage Connectivity to Carbon Black Cloud.

Results

You are presented with a confirmation of your action. The status of the workloads and their sensors updates accordingly.