Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Agent Crashing or Disconnecting due BeyondTrust is Attempting to Inject privman32.dll file

App Control: Agent Crashing or Disconnecting due BeyondTrust is Attempting to Inject privman32.dll file


  • App Control Agent (formerly CB Protection): All Supported Versions
  • BeyondTrust Software


  • Event log has EventID: 7023, The Cb Protection Agent service terminated with the following error: %%-1073741819
  • dascli status - returns 'Cannot connect to user agent'


BeyondTrust is attempting to inject privman32.dll into the Parity Agent, and Tamper Protection stops the modification, but the action still causes the agent to crash and restart itself. 


  1. Exclude App Control directories via Anti-Virus Exclusions for Agent (Windows)
  2. For Windows 7 through Windows 10 endpoints 
  • Go to following Beyond Trust 
  • Add a registry key expandable string value entered, named "ExcludedApps", with the following information added to the Data tab:
C:\Windows\System32\drivers\Parity.sys;C:\ProgramData\Bit9\Parity Agent\;C:\Program Files\Bit9\Parity Agent\;C:\Program Files (x86)\Bit9\Parity Agent\;C:\Program Files\Bit9\Parity Agent\Parity.exe;C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe;C:\Program Files\Bit9\Parity Agent\Crawler.exe;C:\Program Files (x86)\Bit9\Parity Agent\Crawler.exe;C:\Program Files\Bit9\Parity Agent\Dascli.exe;C:\Program Files (x86)\Bit9\Parity Agent\Dascli.exe;C:\Program Files\Bit9\ParityAgent\Notifier.exe;C:\Program Files (x86)\Bit9\Parity Agent\Notifier.exe;C:\Program Files\Bit9\Parity Agent\Timedoverride.exe;C:\Program Files (x86)\Bit9\Parity Agent\Timedoverride.exe;
  1. For Windows OS prior to 7:
  • Replace C:\ProgramData\Bit9\Parity Agent\ with C:\Documents and Settings\All users\Application Data\Bit9\Parity Agent\ in the values listed above.
  1. To complete the changes, a reboot of the endpoint is advised.

Additional Notes

  • As a general rule for any registry modification, it is highly recommended to perform a backup of the registry prior to any changes
  • Reboot will be recommended for full effect

Related Content

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: