Live Query is Supported on:

  • Windows Clients running Windows 7+, 64-bit devices only
  • Windows Servers running Windows 2008 R2+, 64-bit devices only
  • macOS 10.10+
  • macOS Catalina
  • Red Hat 6+
  • Red Hat 7
  • CentOS 7
  • Ubuntu 16.04+
  • SUSE 12+
  • OpenSUSE 15 & 42
  • Amazon Linux 2

Additional Live Query Support Information:

  • For Windows & macOS, an upgrade to the 3.3 sensor (or later) is required
  • Sensor version 3.4.0.820+ is required if using a proxy for endpoints
  • For Linux, an upgrade to the 2.3 sensor (or later) is required
  • Users with "Use Live Query" privileges enabled in their role can run queries and view results
  • Users with "View Live Query" privileges enabled in their role can only view results
  • Live Query is powered by Osquery an open source project written in SQL

Carbon Black Cloud on AWS GovCloud (US) Support

This section is specific only to Carbon Black Cloud on AWS GovCloud (US) customers.

Live Query is Supported on:

Live Query on VMware Carbon Black Cloud on AWS GovCloud (US) is only supported on Windows 10, 64-bit devices only.

Important: (FIPS LIMITATION)

The Carbon Black Cloud sensor relies on an open source third-party osquery tool (https://osquery.io/) to perform Live Queries. Osquery uses a non-FIPS 140-2 validated version of openssl for some cryptographic functions that are performed as part of satisfying those queries. Therefore, if FIPS 140-2 compliance is a requirement, be aware that Live Queries may perform TLS handshakes as part of the query such as ones that hit the “curl” table, or may gather cryptographic file hashes using the non-FIPS verified version of openssl. Until this is resolved, please be mindful of this limitation.

Additional Live Query Support Information:

  • For Windows, an upgrade to the 3.3 sensor (or later) is required
  • Sensor version 3.4.0.820+ is required if using a proxy for endpoints
  • Users with "Use Live Query" privileges enabled in their role can run queries and view results
  • Users with "View Live Query" privileges enabled in their role can only view results
  • Live Query is powered by Osquery an open source project written in SQL
  • All OSs must be currently running the 4.1.2 Osquery build version