Environment

• Carbon Black Cloud Console: All Versions
• Carbon Black Cloud Sensor: 3.7.0.1253
• Microsoft Windows: All Support Versions

Symptoms

• Device goes to Blue Screen on boot
• Stop code may show "PFN_LIST_CORRUPT"

Cause

Resolution

• Place impacted Sensors into Bypass mode via Carbon Black Cloud Console to allow them to boot successfully and have ruleset removed
• A small subset of impacted devices may require an additional workaround requiring a reboot into Safe Mode, if so, please open a Support case as called out below

Additional Notes

• If you are having an issue with this please Open A Support Case so we may help resolve this. Please include the following in the Case to help

  Org_Key: 
  Device Name(s): 
  Device ID(s): 
  Operating System(s):

• If a device is not encountering a BSOD or boot-loop, the following can be used to verify the endpoint has received the corrected ruleset and no longer has the older ruleset

  C:\> "C:\Program Files\Confer\repcli.exe" status | findstr /i manifest

  • Reverted Rulesets (note Revision number)

    Ransomware Detection Revision[18]: Enabled (Manifest)
    Ransomware Prevention Revision[14]: Enabled (Manifest)
    Carbon Black Threat Intelligence Detection Revision[28]: Enabled (Manifest)
    Carbon Black Threat Intelligence Prevention Revision[14]: Enabled (Manifest)

  • Impacted Rulesets (note Revision number)

    Ransomware Detection Revision[27]: Enabled (Manifest)
    Ransomware Prevention Revision[16]: Enabled (Manifest)
    Carbon Black Threat Intelligence Detection Revision[35]: Enabled (Manifest)
    Carbon Black Threat Intelligence Prevention Revision[18]: Enabled (Manifest)
    Carbon Black Persistence Prevention Revision[2]: Enabled (Manifest)
    Carbon Black Persistence Detection Revision[3]: Enabled (Manifest)

  • Recent Last Manifest Content Update Time

    Last Manifest Content Update Time[MM/dd/yyyy hh:mm:ss]

Related Content