Slow boot times (Windows 8 / 8.1) after applying Windows updates

Version
Carbon Black Enterprise Protection (Bit9) 7.x


Issue

On Windows 8 / 8.1 machines, after applying Windows updates and rebooting, a black screen may appear for up to 3 minutes before the login window is displayed.

Cause

The Cb Protection (Bit9) agent starts as a service when Windows boots. Service start order is determined by the service group each service belongs to. Older versions of the agent created a service group named "bit9drivers" to contain the agent service. Newer versions of the agent place the service in the "COM Infrastructure" group, which allows it to start much earlier in the boot process.

Solution

From an affected endpoint, open an elevated command prompt window and run the following command:

sc query group= "COM INFRASTRUCTURE" | findstr Parity

If the query returns "SERVICE_NAME: Parity", no further action should be taken here. Contact Carbon Black Customer Support at support@carbonblack.com to discuss further troubleshooting steps.

If no results were returned with the above command, then run the following command:

sc query group= "bit9drivers" | findstr Parity

You should get a result that looks like "SERVICE_NAME: Parity". If neither query returns a result, contact Carbon Black Customer Support at support@carbonblack.com to discuss further troubleshooting steps.

If the second query returned that result, run the following commands on the endpoint to resolve the slow boot times:

dascli password {CLI or Global Password here}
dascli tamperprotect 0
sc config Parity group= "COM Infrastructure"
dascli tamperprotect 1
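
The same check-then-fix sequence as a single script, which only changes the service group when the agent is found in "bit9drivers" and always turns tamper protection back on. This is an added example, not Carbon Black's own tooling; it assumes an elevated PowerShell session and that dascli is on the PATH (its install location is not given in this article).

```powershell
# Added example: automates the decision flow from the manual steps above.
# Assumptions: elevated PowerShell session; dascli is resolvable via PATH.
# In Windows PowerShell "sc" is an alias for Set-Content, so call sc.exe.

function Test-ParityInGroup([string]$Group) {
    # Same query as the manual step: list the group's services, look for Parity.
    $out = & sc.exe query group= $Group
    return [bool]($out | Select-String -SimpleMatch 'SERVICE_NAME: Parity' -Quiet)
}

if (Test-ParityInGroup 'COM INFRASTRUCTURE') {
    Write-Output 'Parity is already in COM Infrastructure; no change made.'
    return
}
if (-not (Test-ParityInGroup 'bit9drivers')) {
    Write-Output 'Parity was found in neither group; no change made. Contact support.'
    return
}

# Prompt for the CLI or Global password rather than storing it in the script.
$secure = Read-Host -Prompt 'CLI or Global password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

& dascli password $plain
try {
    & dascli tamperprotect 0
    & sc.exe config Parity group= 'COM Infrastructure'
}
finally {
    # Always restore tamper protection, even if the sc.exe call fails.
    & dascli tamperprotect 1
    $plain = $null
}

# Re-run the first query from the procedure to confirm the change.
if (Test-ParityInGroup 'COM INFRASTRUCTURE') {
    Write-Output 'Parity is now in the COM Infrastructure group.'
} else {
    Write-Warning 'Parity is not listed in COM Infrastructure; review the sc.exe output above.'
}
```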

Important Note(s)

Beginning with release 7.2.1.1825 (patch 11), the installer automatically puts the agent into the COM Infrastructure group. NOTE: this occurs for any *fresh* install of the agent, but not for agents upgraded from prior versions. For any endpoints that were installed prior to this version, the above steps can be taken to improve startup times.

Creation Date: 05-17-2016