How to Determine the Signature Version for VMware Carbon Black

Affected Products:

• VMware Carbon Black

This article discusses how to check the local signature version for VMware Carbon Black. VMware Carbon Black uses a technology that is called Virus Definition Files (VDF) to load signatures for use locally. Several methods are available to validate the latest VDF version and the VDF version that is installed on an endpoint.

Table of Contents

• How to check the latest VDF Version available online
• How to check the current VDF version on an endpoint using the VMware Carbon Black Cloud console
• How to check the local installed VDF version on an endpoint
• How to force the VDF version to update using RepCLI

How to check the latest VDF Version available online

To verify the latest VDF version available and the Published Date open the link below:
https://www.carbonblack.com/vdflookup/

Back to Top

How to check the current VDF version on an endpoint using the VMware Carbon Black Cloud console

It is possible to verify the VDF version that is installed on a specific endpoint following the steps below:

1. Log in to the Carbon Black Cloud console.
2. Go to Endpoints page:
   
3. Search for a specific endpoint by name or using the available filters:
   
4. Hover the hover over the sign in the SIG column and wait for the text to appear showing the VDF Version installed on the endpoint:
   

Back to Top

How to check the local installed VDF version on an endpoint

With online access not always being available, it is possible to check the local signature version on the endpoint through RepCLI. Approved administrators through CLI_USERS do not have to have been set to leverage this method.

1. Log in to the endpoint with an administrative user.
2. Right-click Start > Run.
3. In the Run dialog box type cmd and click OK to open a Command Prompt:
   
4. Browse to the folder C:\Program Files\Confer typing the command:

   cd C:\Program Files\Confer

5. To check the VDF version run the command below:

   Repcli status

   
   The Local Scanner Version correlates to the version of the VDF files on the endpoint.
   
   Note: If a policy disables On-Access Scanning, or if no signature files have been updated on the endpoint, the Local Scanner Version may be blank.

Back to Top

How to force the VDF version to update using RepCLI

To update the local signature version on the endpoint through RepCLI Follow the below steps.

1. Log in to the endpoint with an administrative user.
2. Right-click Start > Run.
3. In the Run dialog box type cmd and click OK to open a Command Prompt:
   
4. Browse to the folder C:\Program Files\Confer typing the command:

   cd C:\Program Files\Confer

5. To update the VDF version, run the command below:

   Repcli updateavsignature -wait

   
   

Back to Top

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.