Environment
- EDR Sensor: 7.2.0 or Higher
- Microsoft Windows: 7, 8.1, Server 2008, Server 2012 (pre-R2)
Symptoms
SMB shares are failing to connect after upgrading to a 7.2.0-win or higher sensor on Windows Server 2012 (pre-R2).
Cause
Resolution
1. For sensors running on Windows Server 2012 (pre-R2) the OS would need to be upgraded to Windows Server 2012 R2 to receive the Microsoft patch, since there is no patch available for pre-R2. If upgrading the OS is not feasible, you can workaround the issue by delaying the start of the sensor services to try to avoid the race condition at startup. While this addresses the SMB shares issue, this could cause some events to not be captured at the early stages of the system boot. To implement this workaround, open a command prompt as an administrator and issue the following commands:
sc config carbonblack start= delayed-auto
sc config carbonblackk start= demand
sc config carbonblack start= auto
sc config carbonblackk start= auto
2. For other OS versions, please patch the OS to resolve the issue.
Additional Notes
- Windows Server 2012 (pre-R2) is out of Microsoft mainstream support and did not receive the same patch fix as other versions.
Related Content
