Carbon Black Cloud: Upgrade/Uninstall fails due to generic Error 1603.

Environment

  • Carbon Black Cloud Sensor: Version 3.7 and Above
  • Microsoft Windows: All Supported Versions

Symptoms

Upgrade fails, uninstall fails.

Cause

The OS performed an upgrade and the sensor did not store certificate signing information for some of the files. As a result, the sensor upgrade fails because it is blocked by Tamper Protection. Once the sensor is upgraded, it keeps track of the signing information and future sensor upgrades will not fail for this reason.

Resolution

This has been resolved in sensor 3.7+, so you will not run into the issue again. This requires placing the sensor in bypass mode during the 3.7+ upgrade.
 

Additional Notes

  • Console upgrade should work, and you can script the upgrade to place the sensor in bypass during the upgrade with SCCM, GPO or other solutions.
  • You can verify the issue if you have EEDR: go to the Investigate page, Processes tab, and search for the following:
(process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\cfg.ini") OR (process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\confer.ini")
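
The same check applied offline to exported events, to list which endpoints hit the block before scheduling a bypass-mode upgrade. This is an added example, not Carbon Black code: the JSON-lines export layout and the "device_name" field are assumptions, and the sample records are constructed.

```python
import json
from collections import Counter

# The two sensor config files named in the article's search (lower-cased).
PROTECTED_CONFIG = {
    r"c:\program files\confer\cfg.ini",
    r"c:\program files\confer\confer.ini",
}

def is_blocked_sensor_upgrade(event):
    """True when msiexec.exe was blocked on one of the sensor config files."""
    if str(event.get("process_original_filename", "")).lower() != "msiexec.exe":
        return False
    names = event.get("blocked_name") or []
    if not isinstance(names, list):
        names = [names]  # accept a single value or a list of values
    # Windows paths are case-insensitive, so compare lower-cased.
    return any(str(n).replace("/", "\\").lower() in PROTECTED_CONFIG for n in names)

def affected_devices(lines):
    """Count matching events per device in a JSON-lines export."""
    hits = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip rows that are not valid JSON
        if isinstance(event, dict) and is_blocked_sensor_upgrade(event):
            hits[event.get("device_name", "unknown")] += 1
    return dict(hits)

# Constructed sample records (not real telemetry); "device_name" and the
# JSON-lines layout are assumptions about how the events were exported.
SAMPLE_EXPORT = r"""
{"device_name": "WS-001", "process_original_filename": "msiexec.exe", "blocked_name": "c:\\program files\\confer\\cfg.ini"}
{"device_name": "WS-001", "process_original_filename": "MsiExec.exe", "blocked_name": ["C:\\Program Files\\Confer\\confer.ini"]}
{"device_name": "WS-002", "process_original_filename": "msiexec.exe", "blocked_name": "c:\\program files\\confer\\confer.ini"}
{"device_name": "WS-003", "process_original_filename": "msiexec.exe", "blocked_name": "c:\\temp\\setup.log"}
{"device_name": "WS-004", "process_original_filename": "notepad.exe", "blocked_name": "c:\\program files\\confer\\cfg.ini"}
not-json
"""

if __name__ == "__main__":
    for device, count in sorted(affected_devices(SAMPLE_EXPORT.splitlines()).items()):
        print(f"{device}: {count} blocked msiexec event(s)")
```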

Article Information
Creation Date: 07-19-2022