logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

CB EDR: Sensor Install Hangs with 'Failed to install NetMon WFP Stream Drvier' Error

CB EDR: Sensor Install Hangs with 'Failed to install NetMon WFP Stream Drvier' Error

Environment

  • CB EDR Sensor: All Supported Versions
  • VMware Carbon Black App Control (Formerly CB Protection) Agent: Version 7.x

Symptoms

  • Installation hangs with with the following error message:
...
line 678 Writing out files...
line 679 Writing out cb.exe...
line 693 Writing out drivers...
line 704 Binaries written
line 712 Installing NetMon Stream Drivers...
line 718 Installing NetMon WFP Stream Driver...
line 723 Failed to install NetMon WFP Stream Drvier

Cause

  • VMware Carbon Black App Control Agent has Tamper Protection enabled.
  • The VMWare Carbon Black App Control Agent is still running on the sensor during the EDR install/upgrade.

Resolution

  • To disable Tamper Protection, please see this KB for reference: Disabling Tamper Protection
  • On later App Control versions, the local service (parity agent) also needs to be stopped/disabled: Disable Parity Agent Via CLI
    • This has been fixed in the 8.x App Control agent version, thus this step can be avoided by upgrading to a more recent version.

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎05-28-2020
Views:
988
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.