Knowledge Base

Yes

Environment

EDR Sensor: 6.2.3+
Microsoft Windows: All Supported Versions

Objective

To allow sensor VDI creation through Microsoft Sysprep

Resolution

Before imaging, after sensor service ("CarbonBlack") has been stopped
- Create directory for "Sensor Group" private key file
```
mkdir %SYSTEMDRIVE%\cbtmp
```
- Export "Sensor Group" private key into a password-protected file for a one-time use during clone startup.
```
certutil -p password -exportPFX CarbonBlack * %SYSTEMDRIVE%\cbtmp\cb.pfx
```
- Remove the existing "Sensor Group" private key from the Certificate Store
```
certutil -delstore CarbonBlack Sensor*
```
Machine Startup Script:
- Import the private key into the Local Machine Store
```
certutil -p password -importPFX CarbonBlack %SYSTEMDRIVE%\cbtmp\cb.pfx
```
- The sensor service will start and be stopped if there is no "sensor group" private certificate/key. If it is already running for whatever reason, the extra start command won't hurt anything.
```
sc start carbonblack
```
- Clean up password protected file and directory
```
rmdir %SYSTEMDRIVE%\cbtmp /Q /S
dir %SYSTEMDRIVE%\cbtmp
```

Additional Notes

If using Microsoft Sysprep to generate VDI clones, you will run into certificate errors if you do not follow the above guidance. Once the clone is generalized (sysprep creates new machine GUID), the relationship to the existing certs is lost since they are retrieved from the cert store locally based on the machine GUID which now no longer matches.

Knowledge Base

EDR: How to Configure Sysprep for Use With VDI Support

EDR: How to Configure Sysprep for Use With VDI Support

Environment

Objective

Resolution

Additional Notes

Related Content

EDR

Knowledge Base

EDR: How to Configure Sysprep for Use With VDI Support

EDR: How to Configure Sysprep for Use With VDI Support

Environment

Objective

Resolution

Additional Notes

Related Content

EDR

Thank you for your feedback.

Thank you for your feedback.