You can perform actions on selected endpoints and their sensors on the Endpoints tab.

Procedure

  1. On the left navigation pane, click Inventory > Endpoints and click the Endpoints tab.
  2. Locate the Status column and select the check box for the endpoints upon which to take action.
  3. Select an action:
    Option | Description
    Add to asset groups | Displays only if you are using asset groups to manage your endpoints. This option lets you add selected endpoints to specified asset groups.
    Remove from asset groups | Displays only if you are using asset groups to manage your endpoints. This option lets you remove selected endpoints from specified asset groups.
    Assign policy | Determines prevention behavior. Each sensor or sensor group is assigned to a policy.
    Update sensors | Update the sensor version on the selected endpoints.
    Start background scan | Initiate an initial, one-time inventory scan in the background to identify malware files that are pre-existing on the endpoints.
        • If the policy controlling the endpoint has background scan enabled, the sensor runs the type of scan specified in that policy (standard or expedited).
        • If the policy controlling the endpoint does not have background scan enabled, the sensor runs a standard background scan by default.

        For general information regarding how background scans are handled in Carbon Black Cloud, see: Background Scans.
    Pause background scan | Release the endpoints from background scan.

        If the scan is in progress as a result of policy and you pause the background scan, it is temporarily stopped. The scan restarts when the service or endpoint restarts.
    Enable bypass | Disable policy enforcement on the endpoint. The sensor stops sending data to the cloud. See Bypass Reasons.
    Disable bypass | Enable policy assignment to sensors.
    Quarantine assets | Quarantine endpoints that are detected as interacting badly. This limits the outbound traffic and stops all inbound traffic to such endpoints.
    Unquarantine assets | Release endpoints from the quarantine state.
    Uninstall sensors | Uninstall macOS and Windows sensors. After you uninstall a sensor, it persists on the Endpoints page as a deregistered sensor until you delete it.
    Delete deregistered assets | Completely remove the sensor from the Carbon Black Cloud console.
    Disable Live Response | Disable Live Response from performing remote investigations, containing ongoing attacks, and remediating threats.

        Caution: This action cannot be undone. You must reinstall the sensor to restore Live Response.
    Query assets | Run a predefined or your own SQL query against the endpoint.
    Manage Sensor Gateway connection | Use it to manage the connection between your sensor and Carbon Black Cloud. You can have your endpoints communicate with Carbon Black Cloud either directly, or through a Sensor Gateway. For details, see Manage Connectivity to Carbon Black Cloud.

Results

You are presented with a confirmation of your selected action. The status of the endpoints and their sensors updates accordingly.