CB PSC: GPO\Manual Upgrades Fail if GPO installed 3.2.1.51 - 3.4.0.1047

Environment

  • CB Defense PSC Console: All Versions
  • CB ThreatHunter Console: All Versions
  • CB Defense PSC Sensor: 3.2.1.51 - 3.4.0.1047
  • Microsoft Windows: All Supported Versions

Symptoms

  • Sensor version 3.2.1.51 - 3.4.0.1016 was installed using GPO Software Installation
  • Using GPO Software Installation to upgrade the sensor to 3.3.984 and above fails
  • Manual upgrade may also fail with the following errors in the msi.log: 
    "Failed to generate hash for file 'C:\Program Files\Confer\db_whi'. Error: 0x20"
    "Error 2911: Could not remove the folder C:\Program Files\Confer\"
    "Error 1310. Error writing to file: C:\Program Files\Confer\BladeRunner.exe. System error 0. Verify that you have access to that directory."
    "Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Confer\scanner\apcfile.dll. System Error 5."
    "Error 0x8000ffff: Incorrect parameters for GPO upgrade."

Cause

This issue can happen if the currently installed sensor was installed by Group Policy and Group Policy is still actively managing the sensor. 

Resolution

PREVENTION ACTIONS

(If upgrade has not already been attempted using GPO Software Installation)

REMEDIATION ACTIONS
(If upgrade has already been attempted using GPO Software Installation)
  • Upgrade may still be possible using other software deployment methods. If not, the sensor will need to be uninstalled and re-installed. See Additional Notes for more information.

Additional Notes

  • If the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{CB Defense GUID} registry key still exists on the device, then uninstall is not required. Simply configure GPO to allow future sensor upgrades via other deployment methods (e.g. manual, CB Defense Web Console) using the instructions documented in PSC: How to Configure GPO to Allow Sensor Upgrades
  • If the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{CB Defense GUID} registry key does not exist on the device, then the sensor will need to be uninstalled and re-installed, but uninstall will no longer be possible using GPO. Use one of the other uninstall methods documented in Endpoint Standard: How to Uninstall Windows Sensor
  • At this time GPO/Manual Upgrades are successful only if GPO installed 3.4.0.1052 and above
  • GPO/Manual Upgrades will be successful as long as the upgrade version is not 3.3.984 and above
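
The triage described in the Symptoms and Additional Notes above, as an added PowerShell example (not vendor code): it scans an MSI log for the error signatures quoted in this article and checks whether the AppMgmt registry key is present. The parameter names, function names, and default log path are assumptions, and `{CB Defense GUID}` is a placeholder to replace with the GUID used in your environment.

```powershell
# Added example; not vendor code. Parameter names and defaults are assumptions.
param(
    # Path to the MSI log from the failed upgrade (default location is an assumption).
    [string]$MsiLog = "$env:TEMP\msi.log",
    # Placeholder: substitute the GUID your GPO deployment uses for the sensor.
    [string]$SensorGuid = '{CB Defense GUID}'
)

# Error signatures quoted in the Symptoms section of the article.
$signatures = @(
    'Failed to generate hash for file',
    'Error 2911',
    'Error 1310',
    'Error 1321',
    'Error 0x8000ffff: Incorrect parameters for GPO upgrade'
)

function Find-UpgradeSymptom {
    param([string[]]$Lines, [string[]]$Patterns)
    # Return each log line that contains one of the known signatures (literal match).
    $Lines | Select-String -SimpleMatch -Pattern $Patterns | ForEach-Object { $_.Line }
}

function Get-RemediationPath {
    param([bool]$KeyExists)
    # Map the registry state to the path given in Additional Notes.
    if ($KeyExists) {
        'AppMgmt key present: uninstall not required; configure GPO to allow upgrades via other deployment methods.'
    } else {
        'AppMgmt key missing: uninstall and re-install the sensor using a non-GPO uninstall method.'
    }
}

if (Test-Path -LiteralPath $MsiLog) {
    # Get-Content honours the byte-order mark, so UTF-16 MSI logs are read correctly.
    $hits = Find-UpgradeSymptom -Lines (Get-Content -LiteralPath $MsiLog) -Patterns $signatures
    "Matched $(@($hits).Count) symptom line(s) in $MsiLog"
    $hits
} else {
    "No log at $MsiLog; skipping symptom scan."
}

# -LiteralPath keeps the braces in the GUID from being treated as anything special.
$key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\$SensorGuid"
Get-RemediationPath -KeyExists (Test-Path -LiteralPath $key)
```

Run it from a 64-bit PowerShell session so `HKLM:\SOFTWARE` resolves to the native registry view rather than the 32-bit redirected one.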

Article Information
Creation Date: 09-09-2020