46 docs tagged with "Knowledge Base"

Optional protections including uninstall protection, service stop detection, and file tamper detection for Endpoint Sensors

Comparison of API Version 1 and Version 2

Authenticating to the Cyberhaven API

How the Windows Sensor detects BSOD events and safely disables the driver to prevent restart loops, plus steps to re-enable

Case Status Definitions

Content Capture File Names

Steps to test API authentication and validate event output from the Cyberhaven API within the console

Information about Cyberhaven's release structure, release cadence, sensor deployment options, and end-of-support policy

Email to Case Disabled

Enable screen capture permission message

Prerequisites and setup guide for enabling Data at Rest Scanning (DARS) and OneDrive Cloud Sensor

Comprehensive coverage matrix for Cyberhaven Endpoint Sensor tracing and blocking capabilities

Reference for Endpoint Sensor attributes available in the Cyberhaven Console and APIs

Event Lineage Workflow - From Incident to Full Event Chain

Frequently asked questions about Chrome Extension 25.1.1 update, including installation, impact, and transition to self-hosting

Finding Windows Product GUID

Inaccurate Counts in Risks Overview

Troubleshooting guide for investigating when browser extension fails to capture upload events

Complete list of Linux Sensor processes and filesystem paths recommended for security tool exclusions

Side-by-side comparison of Performance and Coverage approved application lists for macOS blocking.

Troubleshooting guide for macOS CPU performance issues with Cyberhaven sensor

macOS Sensor deployment and MDM profile requirement

macOS Sensor Support Notice EOL 24.04

Use Jamf extension attributes to detect tampering of the Cyberhaven macOS Sensor and trigger remediation

Outlook plugin Disabled

Policy for Inactive Support Cases

Policy Override Behavior

Guidance on proxy settings and behavior for Cyberhaven Endpoint Sensor

Removing Inactive Sensors

This guide provides practical advice for building, testing, and tuning Content Identification rules to ensure they provide accurate detection with minimal false positives. Use this guide alongside the reference documentation to create effective detection rules.

View and manage health of deployed sensors, required actions, and platform-specific considerations

Support Portal Access

Support Portal Overview

How the Sensor traces and buffers events when devices are offline

Check service status, stop/start/restart the Linux Sensor, and generate diagnostics

Steps to stop/start, uninstall, gather diagnostics, profile performance, and handle installer rollback issues on Windows

How macOS Sensor 25.07 changes blocking scope using approved application lists to optimize performance.

How Cyberhaven licenses the Endpoint Sensor and how endpoints are counted

How to uninstall the Cyberhaven Linux Sensor on RHEL/Oracle Linux and Ubuntu/Debian

Steps to uninstall the Cyberhaven Sensor when Uninstall Protection is enabled on Windows and macOS

Methods for uninstalling the Cyberhaven Windows Sensor manually or via SCCM/Intune, including Uninstall Protection requirements

Troubleshooting guide for unsupported browser settings configuration errors and version requirements

Guidance on managing Cyberhaven Endpoint Sensor upgrades and version rollouts

Windows install command line variables

Windows security tool exclusions

Processes and filesystem paths used by the Windows Sensor; recommended for security tool exclusions