Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Supported Versions
Objective
Step-by-step guidance on troubleshooting an OS crash or BSOD.
Resolution
- Verify the impacted machine is running a supported and compatible Sensor version.
- Verify any installed third-party security applications (e.g. antivirus, real-time scanner, vulnerability scanner, etc.) have Sensor Exclusions in place and are granted proper Permissions in the impacted CBC Policy, if licensed for Endpoint Standard.
- Verify whether the issue is replicable while the Sensor is in Bypass.
- Verify whether the issue is replicable while running the latest Sensor version.
If the issue persists, open a case with Carbon Black Technical Support and provide the following items.
- Details on scale of issue, including number of systems impacted and any relevant hostnames or Device IDs.
- Impacted OS and Sensor versions.
- If licensed for Endpoint Standard, are there any blocks observed in the Console at the time of crash? If yes, provide any relevant Alert IDs.
- Sensor logs from an impacted device (Windows, macOS, Linux).
- Provide a Full Memory Dump or Core Dump, depending on the OS (Windows, macOS, Linux).
- Timestamp of crash.
- Can the crash be reproduced? If yes, what steps were performed?
- Is the issue replicable while the Sensor is in Bypass?
Additional Notes
- On Windows, mini dumps are several hundred KB in size and do not contain data necessary for in-depth analysis.
- If the issue cannot be resolved with troubleshooting from Carbon Black Technical Support, it may require further analysis by Carbon Black engineers, which will require the information above and may require additional diagnostics.
Related Content
