You can use Windows Event Viewer to determine the current status of a background scan on a Windows endpoint.

Prerequisites

Use this procedure in the following environment:
  • Carbon Black Cloud sensor: all versions
  • Endpoint Standard
  • Microsoft Windows (all supported versions)

See Background Scans.

Procedure

  1. Connect to the Windows endpoint.
  2. Open Windows Event Viewer.
  3. Go to Windows Logs and select Application.
  4. Look or search for items where the Source is CbDefense and the Event ID is 17.
    Messages include:
    BACKGROUND_SCAN: DISABLED
    Indicates background scan is disabled.
    This message is recorded every time the Carbon Black Cloud (cbdefense) service restarts (typically after a reboot) and every 24 hours of service runtime.
    BACKGROUND_SCAN: IN_PROGRESS
    Indicates background scan is in progress 
    This message is recorded when the background scan initially starts, every time the Carbon Black Cloud service restarts, and every 24 hours of service runtime. 
    BACKGROUND_SCAN: COMPLETE
    Indicates background scan is complete 
    This message is recorded once the background scan completes, every time the Carbon Black Cloud service restarts, and every 24 hours of service runtime.