How to Determine the Signature Version for VMware Carbon Black

Summary: How to find out what the latest virus definition for VMware Carbon Black is and what the current installed virus definition is on an endpoint.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Affected Products:

  • VMware Carbon Black

This article discusses how to check the local signature version for VMware Carbon Black. VMware Carbon Black uses a technology that is called Virus Definition Files (VDF) to load signatures for use locally. Several methods are available to validate the latest VDF version and the VDF version that is installed on an endpoint.

Table of Contents

How to check the latest VDF Version available online

To verify the latest VDF version available and the Published Date open the link below:
https://www.carbonblack.com/vdflookup/ This hyperlink is taking you to a website outside of Dell Technologies.

VDF History Search Page

Back to Top

How to check the current VDF version on an endpoint using the VMware Carbon Black Cloud console

It is possible to verify the VDF version that is installed on a specific endpoint following the steps below:

  1. Log in to the Carbon Black Cloud console.
  2. Go to Endpoints page:
    Click Endpoints
  3. Search for a specific endpoint by name or using the available filters:
    Search for endpoint
  4. Hover the hover over the sign in the SIG column and wait for the text to appear showing the VDF Version installed on the endpoint:
    Hover over SIG field

Back to Top

How to check the local installed VDF version on an endpoint

With online access not always being available, it is possible to check the local signature version on the endpoint through RepCLI. Approved administrators through CLI_USERS do not have to have been set to leverage this method.

  1. Log in to the endpoint with an administrative user.
  2. Right-click Start > Run.
  3. In the Run dialog box type cmd and click OK to open a Command Prompt:
    Run cmd
  4. Browse to the folder C:\Program Files\Confer typing the command: 
    cd C:\Program Files\Confer
  5. To check the VDF version run the command below: 
    Repcli status

    The Local Scanner Version correlates to the version of the VDF files on the endpoint.
    Run commands in Command Prompt
    Note: If a policy disables On-Access Scanning, or if no signature files have been updated on the endpoint, the Local Scanner Version may be blank.

Back to Top

How to force the VDF version to update using RepCLI

To update the local signature version on the endpoint through RepCLI Follow the below steps.

  1. Log in to the endpoint with an administrative user.
  2. Right-click Start > Run.
  3. In the Run dialog box type cmd and click OK to open a Command Prompt:
    Run cmd
  4. Browse to the folder C:\Program Files\Confer typing the command: 
    cd C:\Program Files\Confer
  5. To update the VDF version, run the command below: 
    Repcli updateavsignature -wait

    Run commands in Command Prompt

Back to Top

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000126416
Article Type: How To
Last Modified: 08 Aug 2024
Version:  11
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.