logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Cb Defense: Sensor Uninstalled After Attempted Upgrade (SCCM)

Cb Defense: Sensor Uninstalled After Attempted Upgrade (SCCM)

Environment

  • Cb Defense Sensor: all versions
  • Microsoft Windows: all supported versions
  • Original deployment by SCCM

Symptoms

  • Cb Defense Sensor no longer installed on endpoint (not shown under Programs and Features)

  • Sensor (by Device Name) show as Active on Enrollment page in Cb Defense Web Console

  • Sensor shows pre-upgrade version

  • Last Check-In for Sensor outdated/not updating

  • No recent Events or Alerts for the Sensor are showing in the Web Console

  • Original install of Cb Defense Sensor using System Center Configuration Manager (SCCM)

  • Upgrade command sent from Web Console

  • Manual upgrade now fails

  • Rebooting does not allow the uninstall or upgrade to finish

Cause

Sensor upgrade will fail because the SCCM software deployment method will re-add the Cb Defense registry key for any and all Cb Defense packages which were used and which are currently still available in SCCM. SCCM software will re-add the Cb Defense registry key for pre-upgrade sensor version. As a result, the sensor will be unable to upgrade to the latest sensor version unless the following registry key is removed.

HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID}

The {Cb Defense GUID} is a string of characters randomly generated for each new sensor install.
This issue can happen if SCCM Configuration Manager is configured with detection rule: "This MSI product code must exist on the target system to indicate the presence of this application."

Resolution

  1. Use the Sensor Removal Tool provided in Cb Defense: How to Uninstall Windows Sensor to remove remaining Registry Keys
  2. Install the desired Sensor version using SCCM

Additional Notes

  • The HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID} registry key is re-added to the device when Configuration Manager re-evaluates the requirement rules for all deployments. The default value is every seven days and can be configured in SCCM under Administration > Client Settings > Software Deployment. You can also initiate this action from a client as follows: in the Configuration Manager control panel, from the Actions tab, select Application Deployment Evaluation Cycle.
  • To prevent SCCM from re-adding the HKEY_CLASSES_ROOT\Installer\Products\{Cb Defense GUID} registry key, please see Cb Defense: How to Configure SCCM to Allow Sensor Upgrades From Web Console

Related Content

About Client Settings in System Center Configuration Manager

Cb Defense: How to Configure SCCM to Allow Sensor Upgrades From Web Console

Cb Defense: Can’t Update Sensors Deployed by GPO

Cb Defense: How to Uninstall Windows Sensor

Cb Defense: How to Update Sensors from Dashboard

Cb Defense: Sensor Upgrade Doesn't Complete Until Reboot

rogue policy preventing further software deployments

Labels (1)
Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Author:
aglasco
Creation Date:
‎12-20-2017
Views:
3346
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.