Environment
- Carbon Black Cloud Windows Sensor: 3.6 and Higher
- Microsoft Windows: All Supported Versions
Symptoms
- Observe the following error when selecting C:\ProgramData\CarbonBlack
You don't currently have permission to access this folder.
Click Continue to permanently get access to this folder.
- When Continue is selected, observe a new error
You have been denied permission to access this folder.
To gain access to this folder you will need to use the security tab.
- If the security tab is selected and the Advanced button is selected to change owner, the owner cannot be displayed
Name: C:\ProgramData\CarbonBlack
Owner: Unable to display current owner
- If Change is selected, observe that System is owner and cannot be changed
Name: C:\ProgramData\CarbonBlack
Owner: System
Cause
Permission to C:\ProgramData\CarbonBlack is denied and the owner cannot be changed from System due to Carbon Black tamper protection
Resolution
- Disable Sensor Tamper Protection and Enforcement by Enabling Bypass. There are several ways this can be accomplished. See Carbon Black Cloud: How to Get Started With Bypass Mode
- If Bypass is not available or possible, boot the device into Windows Safe Mode and attempt to manually collect sensor logs by zipping the following directory: C:\ProgramData\CarbonBlack
Related Content