Carbon Black provides diagnostic scripts for each supported platform. These make it easy to collect the information most commonly required for troubleshooting.
Step 1: Obtain the Diagnostic Tool
Step 2: Gather Diagnostics
- Once you have extracted the package, execute the binary with administrative privileges.
- When prompted, press 0 to begin the process.
This step can take 10 minutes or longer to finish.
Once complete, a new archive will be created in the local folder named for the time of generation:
Send the file to your Red Canary Incident Handler from the portal via Administration > Share a File.
(Remote option) Collect diagnostics via Live Response session
Open a Live Response session with the endpoint and perform the following:
You'll want to:
- put the diagnostic package in the desired remote directory
- execfg CbDiag.exe --tar
- get the resulting diagnostic package