Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Unable to Upgrade from 3.5.0.x on Windows Server 2019

Carbon Black Cloud: Unable to Upgrade from 3.5.0.x on Windows Server 2019

Environment

  • Carbon Black Cloud Windows Sensor: 3.5.0.1680 - 3.5.0.1801
  • Windows Server 2019

Symptoms

  • Upgrade from 3.5.0.x on Windows Server 2019 and upgrade will fail
  • If "Sensor UI: Detail message" is enabled in the policy, the Sensor UI icon will no longer appear in the Taskbar System Tray
  • The device will no longer check-in to the Carbon Black Cloud Console.
  • The Carbon Black Cloud Sensor service (Display name: Cb Defense) may no longer show as started

Cause

Issue occurs because the ctinet driver does not unload properly during sensor shutdown

Resolution

  • Carbon Black has created a fix to resolve the driver unload hang when upgrading in sensor version(s) 3.5.0.1813 and 3.6.0.1791 and above; however there is no way to backport this fix into any prior sensor versions.
  • To workaround this issue in any prior sensor version please follow the steps below:
  1. Place the sensor into bypass
  2. Reboot the Windows 2019 server
  3. Perform Upgrade

Additional Notes

  • Although Carbon Black is unable to reproduce the issue internally, we were able to identify the code path resulting in this issue as well as the fix
  • If Sensor has already been upgraded from the impacted versions and the above issue has been observed, the Sensor Removal Tool (SRT) may be required to cleanup the existing installation, and install the latest sensor version

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎10-02-2020
Views:
1649
Contributors