Endpoint Standard: RepUX.exe error (0xc0000022) without exclusions in BeyondTrust Privilege Management/Avecto

Endpoint Standard: RepUX.exe error (0xc0000022) without exclusions in BeyondTrust Privilege Management/Avecto

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 3.5.0.1523 and Higher
    • Endpoint Standard (was CB Defense)
  • Windows 10 v2004 (10.0.19041)
  • BeyondTrust Privilege Management for Windows (x64) 5.6.126.0

Symptoms

  • Error appears for RepUx.exe on login or startup with Sensor in Active mode
    RepUx.exe - Application Error
    The application was unable to start correctly (0xc0000022).
    Click OK to close the application
  • Error does not appear with Sensor in Bypass mode
  • Error appears whether "Sensor UI: Detail message" is enabled or disabled in Carbon Black Cloud Policy

Cause

BeyondTrust DLL (pghook.dll) is being inserted into Carbon Black processes, triggering tamper protection by the Sensor

Resolution

Add exclusions to BeyondTrust Privilege Management Client (was Avecto Privilege Guard Client) to avoid Carbon Black folders and processes
Carbon Black Cloud: Recommended Third-Party Anti-virus Exclusions

Additional Notes

  • If the error occurs on a different Windows OS or version of Privilege Guard and is not resolved as above, please open a case with Carbon Black Technical Support and provide

Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎09-30-2020
Views:
10767
Contributors