Environment
- Carbon Black Cloud Sensor: Version 3.6.0.1897 and higher
- Microsoft Windows: All Supported Versions
Symptoms
When Shadow Copy service is running may hang during backup
Cause
- Sensor is hooking into VSS
Resolution
- 3.6 fix released in sensor version 3.6.0.2127
- The 3.7 version of the fix is in sensor version 3.7.0.1411
Additional Notes
Workaround until sensor upgrade is possible:
- Open C:\Windows\System32
- Copy and Paste svchost.exe to the same folder, rename the copy version to svchostswprv.exe
- Open regedit.exe (Registry Editor)
- Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swprv
- Edit the value of ImagePath to "%SystemRoot%\System32\svchostswprv.exe -k swprv"
- Log into the Carbon Black Cloud Console
- Navigate to the Policy in place for the affected Devices
- Add a Permission Rule with the following values
Process/Applications at Path: **\System32\svchostswprv.exe
Operation Attempt: Performs any API operation
Action: Bypass
- Reboot the Device and run backup process to test function
Related Content
