Environment
- All Cb Defense Windows Sensor versions
Symptoms
- Cb Defense sensor installed using Group Policy Object (GPO)
- GPO will fail to deploy a newer sensor release
- Pushing upgraded sensor from Cb Defense Web Console fails
Cause
Sensor upgrade will fail because the Windows Group Policy Object (GPO) software deployment method prevents the following registry keys from being removed if you manually uninstall the sensor from Windows Programs and Features in Control Panel. You will not be able to re-install or upgrade to the latest sensor version unless the following registry keys are removed.
- HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\{Cb Defense GUID}
The {Cb Defense GUID} is a string of characters randomly generated for each new sensor install.
If you delete HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID}, this registry key will continue to be re-created by the GPO until you also delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{Cb Defense GUID} reg key for that version. In that case the AppMgmt key for that Cb Defense version will also need to be removed.
Resolution
If circumstances require you to manually remove the sensor at any point in time, please use Windows Group Policy to remove the sensor. This will ensure that the sensor is completely uninstalled without leaving any install remnants or registry keys.
To do this in the Group Policy Management snap-in:
- Select Software Settings > Software Installation.
- Right-click the Cb Defense software package and select All Tasks > Remove.
- Select Immediately uninstall the software from users and computers
If there are still any previous Cb Defense sensor versions in addition to the current sensor version, then you will need to remove the older packages in addition to the current sensor package. If you only remove the current sensor version then the the Group Policy will uninstall the current sensor version and then re-install newest sensor version package which is still available on the GPO.
If you decided to proceed with manual un-installation of the sensor, then please use the sensor removal tool provided in Cb Defense: How to Uninstall Windows Sensor so that any remaining registry keys are removed.
If you are upgrading the sensor using Windows Group Policy then you will also need to manually remove the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{Cb Defense GUID} registry key otherwise the sensor upgrade will fail. This is because the HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID} this registry key will continue to be re-created by the GPO until this key is deleted.
Additional Notes
If you do not manually uninstall the sensor, then you will not be able to install a newer sensor version, whether pushed from GPO or from the Web Console. Using GPO or other mass-deployment methods will require you to use that method to uninstall the old sensor and then to deploy the new sensor.
Related Content
Cb Defense: Sensor Uninstalled After Attempted Upgrade (GPO)
Cb Defense: Sensor Upgrade Doesn't Complete Until Reboot
Cb Defense: How to Configure GPO to Allow Sensor Upgrades From Web Console
Cb Defense: Unable to upgrade to Sensor 3.2+ (GPO)
rogue policy preventing further software deployments
