Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Unable to save the Windows Sensor logs on 3.6 and above

Carbon Black Cloud: Unable to save the Windows Sensor logs on 3.6 and above


  • Carbon Black Cloud Windows Sensor: 3.6 and Higher
  • Microsoft Windows: All Supported Versions


  • Observe the following error when selecting C:\ProgramData\CarbonBlack
You don't currently have permission to access this folder.
Click Continue to permanently get access to this folder.
  • When Continue is selected, observe a new error
You have been denied permission to access this folder.
To gain access to this folder you will need to use the security tab.
  • If the security tab is selected and the Advanced button is selected to change owner, the owner cannot be displayed
Name: C:\ProgramData\CarbonBlack
Owner: Unable to display current owner
  • If Change is selected, observe that System is owner and cannot be changed
Name: C:\ProgramData\CarbonBlack
Owner: System


Permission to C:\ProgramData\CarbonBlack is denied and the owner cannot be changed from System due to Carbon Black tamper protection


  1. Disable Sensor Tamper Protection and Enforcement by Enabling Bypass. There are several ways this can be accomplished. See Carbon Black Cloud: How to Get Started With Bypass Mode
  2. If Bypass is not available or possible, boot the device into Windows Safe Mode and attempt to manually collect sensor logs by zipping the following directory: C:\ProgramData\CarbonBlack 

Related Content

Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Creation Date: