EDR: Unable to Stop EDR Sensor Service Version 7.2.0 With 'sc stop carbonblackk' Fails With Error Code 105T

Environment

  • EDR (formerly CB Response) sensor: 7.2.0 and above
  • Microsoft Windows: All supported versions

Symptoms

Running 'sc stop carbonblackk' no longer stops the sensor service on sensor version 7.2.0 and above.

Cause

This is due to the new tamper protection feature added in sensor 7.2.0.


Resolution

After confirming that tamper protection is disabled, run 'fltmc unload carbonblackk' from an elevated command prompt to unload the kernel driver.

Additional Notes

  • To verify that the driver has been unloaded, run 'fltmc' in an elevated command prompt and confirm that 'carbonblackk' is not listed.
  • To restart the sensor service, start it from the msc snap-in or reboot the endpoint.

Article Information
Creation Date: 04-28-2021