Carbon Black Cloud: Blue Screen running Windows Sandbox

Carbon Black Cloud: Blue Screen running Windows Sandbox

Environment

  • Carbon Black Cloud Sensor: version 3.6.0.1941 and higher
    • Endpoint Standard (formerly CB Defense)
    • Enterprise EDR (formerly CB ThreatHunter)
  • Windows 10 KB5001330 April cumulative update.

Symptoms

Ctifile.sys causes BSOD when executing Windows Sandbox

Cause

After updating the KB5001330 April cumulative update, and when running Windows Sandbox with sensor in active state Blue screen appears

Resolution

We are working on this under DSEN-13835 and will update when this is resolved.

Additional Notes

  • As part of workaround, by removing the KB5001330 from the device and launching sandbox did not cause Blue screen.
  • With sensor in bypass mode and with KB5001330 installed in the device, blue screen did not appear.

Related Content


Was this article helpful? Yes No
100% helpful (4/4)
Article Information
Author:
Creation Date:
‎05-03-2021
Views:
958