
Carbon Black Cloud: Sensor moves into bypass after upgrade, remains in bypass, and ELAM protection shows disabled


Environment

  • Carbon Black Cloud Sensor: 3.6.0.1979 - 3.6.0.2076
  • Microsoft Windows: All Versions with Early Launch Anti-Malware (ELAM) protections

Symptoms

  • Sensors upgraded in the UI stop checking in
  • Sensor shows in bypass mode in Carbon Black Cloud (CBC) Console
  • RepCLI commands cannot be run
  • Sensor cannot be taken out of bypass
  • CBC service shows unprotected when its protection level is queried:
    C:\> sc qprotection cbdefense

Cause

Regression in sensor causes process to hang

Resolution

  • Issue is resolved in sensor versions 3.6.0.2121 and 3.7.0.1253 
  • Workaround
    1. Locate the cfg.ini file and open it for editing
    2. Add the following field and value to the end of cfg.ini:
      UnregisteredProtected=True
    3. Reboot endpoint
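
An added example, not vendor-supplied code: a PowerShell script that applies the workaround above only to sensors in the affected version range and only if the setting is not already in the file. The `-CfgPath` and `-SensorVersion` parameters are assumptions, since the article does not state where cfg.ini is located or how the version is collected.

```powershell
# Added example, not vendor code. -CfgPath is an assumption: the article does not
# say where cfg.ini lives, so the operator supplies the path.
param(
    [Parameter(Mandatory)] [string]  $CfgPath,
    [Parameter(Mandatory)] [version] $SensorVersion   # e.g. 3.6.0.2000 (constructed value)
)

$affectedMin = [version]'3.6.0.1979'   # affected range as listed under Environment
$affectedMax = [version]'3.6.0.2076'
$key         = 'UnregisteredProtected'
$setting     = "$key=True"

# Fixed builds (3.6.0.2121, 3.7.0.1253) and older sensors fall outside the range.
if ($SensorVersion -lt $affectedMin -or $SensorVersion -gt $affectedMax) {
    Write-Output "Sensor $SensorVersion is outside $affectedMin - $affectedMax; nothing to do."
    return
}

# Record the symptom before changing anything (same command the article uses).
$protection = (& sc.exe qprotection cbdefense | Out-String).Trim()
Write-Output "Before change: $protection"

if (-not (Test-Path -LiteralPath $CfgPath -PathType Leaf)) {
    throw "cfg.ini not found at '$CfgPath'."
}

# Idempotence: if the key is already present (any value), report it and stop
# rather than appending a second, possibly conflicting, entry.
$existing = @(Get-Content -LiteralPath $CfgPath) -match "^\s*$key\s*="
if ($existing) {
    Write-Output "Already present, left unchanged: $($existing -join '; ')"
    return
}

# Keep a copy, then append on its own line even if the file lacks a final newline.
Copy-Item -LiteralPath $CfgPath -Destination "$CfgPath.bak" -Force
$raw    = Get-Content -LiteralPath $CfgPath -Raw
$prefix = if ($raw -and $raw -notmatch '\n\z') { [Environment]::NewLine } else { '' }
Add-Content -LiteralPath $CfgPath -Value "$prefix$setting"

Write-Output "Appended '$setting' to $CfgPath. Reboot the endpoint to finish the workaround."
```

The script does not reboot the machine; step 3 is left to the operator so the restart can be scheduled.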

Article Information
Creation Date: 05-12-2021