The cause is the Bit9 agent Carbon Black tamper protection updater. The Carbon Black directories are included in the tamper protection settings and that includes preventing the Carbon Black server from uninstalling a sensor.
Steps for Cb Protection 7.x
If the Cb Protection agent is connected and visible in the Console, open the Rules-> Software Rules-> Updaters tab. Locate and Disable the Windows 'Carbon Black Tamper Protection' Updater. This will globally disable the 'Carbon Black Tamper Protection' Updater.
Steps for Cb Protection 8.x
Starting with Cb Protection 8.0, the Cb Tamper Protection Updater was replaced with a Rapid Configuration. You'll find this in the console by going to Rules > Software Rules > Rapid Configs. Locate and disable the "Cb Response Tamper Protection" configuration in order to disable tamper for Cb Response sensors.
If the Cb Protection agent is not connected to the server, the following steps can be performed to manually disable the 'Carbon Black Tamper Protection' Updater:
1. Open Command prompt and run the following DASCLI commands
a) dascli password <CLI or GLOBAL password> b) dascli kernelconfig CarbonBlackTamperProtection 0