Environment
- EDR Windows Sensor: All Verisons
- Microsoft Windows: All Supported Versions
Symptoms
After running the uninst.exe file to remove the Windows sensor, there are registry key files that remain, such as:
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Cb Enterprise Response Sensor
Cause
This happens when using the C:\Windows\CarbonBlack\uninst.exe to uninstall instead of the Add/Remove Programs feature of the Windows OS.
Resolution
This is a known issue with the uninst.exe tool and is being worked on by Carbon Black Product Management. There are two options to resolve this:
- Remove the sensor using the built-in Windows Add/Remove Programs
- Use the uninst.exe tool, then clean up the registry keys manually if desired.
Additional Notes
- The leftover registry keys are harmless and will cause no issues if left alone.