cb-core.exe

cb-core Engine for VMware Carbon Black Endpoint Security

CPU Usage

N/A

Memory

N/A

Location

N/A

Publisher

N/A

Best Practices

Use centralized management for policy updates, verify digital signatures on all cb-core components, minimize unnecessary module changes, and run periodic health checks from the admin console. Limit local modifications to approved configurations only.

Recommended Actions

To maintain cb-core performance and security, keep the agent updated to the latest version, review policy changes in the console, regularly monitor event logs, and ensure network connectivity to the management server. If issues arise, collect logs and follow vendor troubleshooting steps.

Privacy Considerations

cb-core telemetry is governed by the enterprise policy and administrator settings. Review data collection and sharing options in the admin console to manage what is reported to the Cloud Console and adjust logging levels accordingly.

What is cb-core.exe?

cb-core.exe is the central runtime for the cb-core Endpoint Security Agent. It orchestrates policy enforcement, threat detection, and local protection routines, while coordinating with the Carbon Black Cloud console. As a background service, it initializes on startup, manages modules, and handles real-time event processing.

cb-core.exe loads core modules, starts the policy engine, and maintains a secure TLS channel to the management console. It uses multi-threading to perform scanning, rule evaluation, and health checks, while persisting configuration changes and reporting events to the cloud.

Is cb-core-exe Safe?

cb-core.exe is the legitimate core executable of the cb-core Endpoint Security Agent from VMware Carbon Black, installed by enterprise deployments. When retrieved from official channels and integrated with the management console, it runs as a signed, trusted service. In standard configurations, it should not be flagged as malware, though tampering or misplacement can cause false positives.

Is cb-core-exe a Virus?

cb-core.exe is not a virus when obtained from official VMware Carbon Black sources and installed through approved channels. However, malware authors sometimes mimic legitimate processes by copying executables or placing them in suspicious folders. If cb-core.exe appears in an uncommon path or lacks a valid signature, treat it as potentially malicious and verify using vendor tooling.

How to Verify Legitimacy

Check File Location: Verify cb-core.exe resides in an official installation directory, such as C:\Program Files\VMware Carbon Black\cbcore.exe or C:\Program Files\VMware Carbon Black\cbcore\cb-core.exe.
Verify Digital Signature: Open the file properties and confirm the publisher is VMware Carbon Black, Inc. or VMware, Inc., with a valid Authenticode signature.
Check File Hash: Compute the SHA-256 hash of the executable and compare it to the hashes published by VMware for your version in the official portal.
Scan for Malware: Run a full system scan with a trusted AV/endpoint protection tool and verify there are no suspicious copies in Temp or AppData locations.

Red Flags: cb-core.exe files located outside the official VMware Carbon Black directories, unsigned or with altered timestamps, or renamed copies in user-writable paths (e.g., Downloads, AppData) should be treated as suspicious. Unusual network activity or frequent name changes are also warning signs.

Why is it Running?

Reasons it's running:

Policy Enforcement and Real-Time Protection: cb-core.exe runs the policy engine and real-time protection to block or alert on suspicious actions as defined by security rules and configurable baselines.
Cloud Communication and Telemetry: The process maintains a secure connection to the Carbon Black Cloud for policy updates, event reporting, and threat intelligence synchronization.
Module Initialization and Health Checks: On startup it initializes detector modules, validates dependencies, and performs periodic health checks to ensure the agent remains functional.
Update and Threat Intel Synchronization: cb-core.exe periodically fetches updates to signatures, rules, and configuration, ensuring protection against new threats.
Resource Management during Scans: During scans or policy enforcement, brief spikes in CPU or memory usage may occur as detection rules execute and telemetry is gathered.

Can I disable cb-core.exe safely?

Common Problems

Common Causes & Solutions

: Ensure cb-core.exe is up to date, schedule scans off-peak, limit concurrent scans, and verify no rogue copies are present in user directories.
: Check event logs for faults, verify digital signature, run a repair install if available, and confirm network access to the Cloud Console.
: Verify the Windows service is enabled, check for dependent services, and reinstall the agent if startup components are corrupt.
: Review security policies, whitelist trusted processes, and validate hashes for the allowed software before adjusting rules.
: Confirm network connectivity to the vendor portal, ensure firewall rules allow update traffic, and manually trigger a update cycle from the console.
: Run the installer repair or reinstall the cb-core agent from the official package to restore the core binary.

Frequently Asked Questions

What is cb-core-exe and what does it do?

cb-core.exe is the central engine of the cb-core Endpoint Security Agent. It enforces policies, runs detection rules, reports telemetry to the Cloud Console, and coordinates updates. It operates as a background service to provide continuous protection.

Is cb-core-exe safe to keep running on my PC?

Yes, cb-core.exe is a legitimate component of VMware Carbon Black's endpoint protection suite. It should be signed, located in official program folders, and show expected network activity and event logs in the management console. If anything looks unusual, verify with the vendor.

Why is cb-core.exe using CPU?

CPU usage can spike during scans, rule evaluations, or telemetry dispatch. Normal operation shows occasional bursts, but sustained high usage may indicate scans are running, policies are complex, or there is a misconfiguration or conflict with other security software.

Can I uninstall cb-core.exe or the cb-core agent?

Uninstalling the agent removes protection. If you must remove it, use the official uninstall procedure from the vendor or enterprise console, following your organization’s policy. Always ensure you have a replacement security solution in place.

How can I verify cb-core-exe is legitimate?

Verify the file location, check the Authenticode signature to confirm VMware Carbon Black as the publisher, compare SHA-256 hashes with vendor-provided values, and scan for any suspicious copies or tampering.

Where is cb-core-exe installed?

Common installation paths include C:\Program Files\VMware Carbon Black\cbcore.exe or C:\Program Files\VMware Carbon Black\cbcore\cb-core.exe. Exact paths depend on the deployment and version, as configured by your administrator.

Related Processes

Core daemon handling background tasks and event processing for the cb-core engine.

Windows service that manages the lifecycle and coordination of the cb-core agent.

Module responsible for updating signatures, rules, and policy configurations.