You can use Windows Event Viewer to determine the current status of a background scan on a Windows endpoint.
Prerequisites
Use this procedure in the following environment:
- Carbon Black Cloud sensor: all versions
- Endpoint Standard
- Microsoft Windows (all supported versions)
See Background Scans.
Procedure
- Connect to the Windows endpoint.
- Open Windows Event Viewer.
- Go to Windows Logs and select Application.
- Look or search for items where the Source is
CbDefense and the Event ID is 17.
Messages include:
BACKGROUND_SCAN: DISABLED
Indicates background scan is disabled.
This message is recorded every time the Carbon Black Cloud (cbdefense) service restarts (typically after a reboot) and every 24 hours of service runtime.
BACKGROUND_SCAN: IN_PROGRESS
Indicates background scan is in progress
This message is recorded when the background scan initially starts, every time the Carbon Black Cloud service restarts, and every 24 hours of service runtime.
BACKGROUND_SCAN: COMPLETE
Indicates background scan is complete
This message is recorded once the background scan completes, every time the Carbon Black Cloud service restarts, and every 24 hours of service runtime.
