Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Carbon Black Cloud: Live Response Execfg Commands Return Error "Command must be executed from an existing directory that you have 'write' access to"

Environment

  • Carbon Black Cloud Web Console: All Versions
  • Carbon Black Cloud Windows Sensor: 3.0.x.x and Higher
  • Microsoft Windows: All Supported Versions

Symptoms

  • execfg command run within a Live Response session returns the following error:
    c:\users\{UserName}\desktop\> execfg powershell.exe /c "set-executionpolicy unrestricted -force"
    Preparing file...
    Command must be executed from an existing directory that you have 'write' access to.

Cause

This issue is caused when execfg is leveraged within Live Response to execute applications that do not have stdout or stderr messages

Resolution

Leverage exec in situations where there is no stdout or stderr messages

Additional Notes

  • The below error can safely be ignored as the command executes without issue.
Command must be executed from an existing directory that you have 'write' access to.
  • ​​​​The above error message output will be addressed in a future backend release.

Was this article helpful? Yes No
45% helpful (4/9)
Article Information
Author:
Creation Date:
‎12-12-2018
Views:
5512
Contributors