Environment
Symptoms
- Exception encountered when querying REG_BINARY items:
[DESKTOP-0475U5L] C:\WINDOWS\CarbonBlack> reg query HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 -v 'Component Information'
Error: Internal Server Error - <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>VMWware Carbon Black EDR</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
body
{ background-color: rgb(234, 240, 246); color: rgb(51, 51, 51); cursor: auto; line-height: 1.4; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 13px; font-style: normal; font-weight: 400; }
#error-container
{ display: flex; flex-direction: row; justify-content: center; align-items: center; height: 400px; }
</style>
</head>
<body>
<div id="error-container">
<div style="text-align: right">
<img src="/images/cb.png">
</div>
<div style="text-align: left">
<h1>500:
Internal Server Error</h1>
<h3>Whoa! Sorry about that!</h3>
<p>Not sure what happened, but it's not meant to work like that!</p>
<p>If you're seeing this consistently, can you tell us about it so we can fix it?
Send us an email at <a href="mailto:support@carbonblack.com" target="_new">support@carbonblack.com</a>.</p>
</div>
</div>
</body>
</html>
- Exception output in the /var/log/cb/liveresponse/debug.log:
2021-10-12 14:51:37 [762628] <err> cb.liveresponse.lr_api_blueprint - Unhandled exception from API request.
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/auth/authn_service.py", line 387, in wrapped_f
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/utils.py", line 22, in wrapped_f
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 234, in command
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 31, in make_response_simplejson
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/_init_.py", line 395, in dumps
return _default_encoder.encode(obj)
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/encoder.py", line 296, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/encoder.py", line 378, in iterencode
return _iterencode(o, 0)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 12: invalid start byte
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 96, in unhandled_exception
AttributeError: 'UnicodeDecodeError' object has no attribute 'code'
Cause
This issue is being investigated by VMWare CB Engineering.
Resolution
The issue can be worked around by using the
execfg command instead:
[DESKTOP-0475U5L] C:\WINDOWS\CarbonBlack> execfg reg query HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 /v "Component Information"
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0
Component Information REG_BINARY 000000000000000000000000FFFFFFFF
