Carbon Black provides diagnostic scripts for each supported platform. These make it easy to collect the information most commonly required for troubleshooting.

Step 1: Obtain the Diagnostic Tool

You can obtain the tool via the official Carbon Black Community, or have it sent to you by contacting your Incident Handler.

Step 2: Gather Diagnostics

  • Once you have extracted the package, execute the binary with administrative privileges.
  • When prompted, press 0 to begin the process.

Collection could take up to 10+ minutes to finish.

Once complete, a new archive named for the time of generation will be created in the local folder.

Send the file to your Red Canary Incident Handler from the portal via Administration > Share a File.

(Remote option) Collect diagnostics via Live Response session

Open a Live Response session with the endpoint and perform the following:

Put the diagnostic package in the desired remote directory, then execute it:

execfg CbDiag.exe --tar

Then get the resulting diagnostic package.
