Environment
- EDR Sensor: 6.2.3+
- Microsoft Windows: All Supported Versions
Objective
To allow sensor VDI creation through Microsoft Sysprep
Resolution
- Before imaging, after the sensor service ("CarbonBlack") has been stopped:
- Create a directory for the "Sensor Group" private key file
mkdir %SYSTEMDRIVE%\cbtmp
- Export the "Sensor Group" private key into a password-protected file for one-time use during clone startup.
certutil -p password -exportPFX CarbonBlack * %SYSTEMDRIVE%\cbtmp\cb.pfx
- Remove the existing "Sensor Group" private key from the Certificate Store
certutil -delstore CarbonBlack Sensor*
- Machine Startup Script:
Additional Notes
If you use Microsoft Sysprep to generate VDI clones without following the guidance above, you will run into certificate errors. Once the clone is generalized (Sysprep creates a new machine GUID), the relationship to the existing certificates is lost: they are retrieved from the local certificate store based on the machine GUID, which no longer matches.