Computers page shows agents with Unprotected policy and Red connected status
Receiving agent error events such as:
Carbon Black App Control Agent was unable to communicate with the kernel. Agent may be unprotected.
Unable to connect to the Kernel. Agent will not track files.
Carbon Black App Control Agent kernel is missing. Options[00000003] TotalFailures[18] FailureId[390]
Running "dascli status" returns the following:
Kernel: Not Connected, or
Kernel: 0.0.0.0
The agent installation log may have this error:
DIFXAPP: ERROR: Unable to open service 'ParityDriver' to start it because of error 0x424
0x424 = 1060, which is "The specified service does not exist as an installed service."
Environment
App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Cause
The App Control driver is not properly installed or loaded.
Resolution
sc query parity (to check the service status)
sc query paritydriver (to check the driver status)
dascli status
Confirm that the Kernel is connected. If it is not, continue with the following steps.
On the agent machine, check the version of parity.exe in 'C:\Program Files (x86)\Bit9\Parity Agent' or the path where it is installed (right-click > Properties > Details tab).
In C:\Windows\System32\drivers, check whether there is a parity.sys and note its version (right-click > Properties > Details tab).
In C:\Windows\System32\DRVSTORE\parity_xxxxxxx, check whether there is a parity.sys and note its version (right-click > Properties > Details tab).
If the version of parity.sys is the same as the version of parity.exe and there is NO OTHER 'parity_xxxxxx' folder in C:\Windows\System32\DRVSTORE, go to the current 'parity_xxxxxx' folder in the DRVSTORE directory, right-click the parity.inf file and select 'Install'. Then reboot the machine.
After the reboot, run the dascli status and verify that the Kernel now has a version.
If the version of parity.sys is NOT the same as the version of the parity.exe and there IS ANOTHER 'parity_xxxxxx' folder in c:\Windows\System32\DRVSTORE, you'll need to uninstall the agent and re-install it. Before re-installing, run this command and reboot: sc delete paritydriver. Also, delete the parity.sys in C:\Windows\System32\drivers and the 'parity_xxxxxx' folder in C:\Windows\System32\DRVSTORE. After rebooting, re-install the Bit9 agent.
Additional Information
In case the C:\Windows\System32\drivers\parity.sys file and C:\Windows\System32\DRVSTORE\parity_xxxxxx folder are both missing, try the following steps:
Find another machine with the same OS and the same agent version installed, with a healthy agent that does not show this issue.
Go to C:\Windows\System32\DRVSTORE\ and copy the parity_xxxxxx folder.
Go back to the machine with the issue and paste the folder to the same location: C:\Windows\System32\DRVSTORE\
Right-click the parity.inf file and select 'Install'.
Reboot the machine.
Simply copying C:\Windows\System32\drivers\parity.sys from a known working machine (of the same version) and rebooting has also been shown to resolve the issue.
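The version and folder checks above can be collected in one read-only pass. The following PowerShell script is an added example, not part of the vendor's tooling; it assumes the default agent path and that dascli.exe is in the agent folder, and it changes nothing on the machine.

```powershell
# Added example: read-only triage of the checks in this article.
# Assumptions: default agent path; dascli.exe is located in the agent folder.
$AgentDir  = 'C:\Program Files (x86)\Bit9\Parity Agent'
$DriverSys = Join-Path $env:SystemRoot 'System32\drivers\parity.sys'
$DrvStore  = Join-Path $env:SystemRoot 'System32\DRVSTORE'

function Get-FileVer([string]$Path) {
    # Numeric file version (as on the Details tab); empty string if the file is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return '' }
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
}

# sc.exe exits with the Win32 error code; 1060 (0x424) means the service is not installed.
foreach ($svc in 'parity', 'paritydriver') {
    $null = & sc.exe query $svc
    if ($LASTEXITCODE -eq 1060) { "sc query ${svc}: not installed (1060 / 0x424)" }
    else { "sc query ${svc}: exit code $LASTEXITCODE" }
}

# Show only the Kernel line of 'dascli status' (a version means the kernel is connected).
$dascli = Join-Path $AgentDir 'dascli.exe'
if (Test-Path -LiteralPath $dascli) { & $dascli status | Select-String -Pattern 'Kernel:' }

$exeVer    = Get-FileVer (Join-Path $AgentDir 'parity.exe')
$sysVer    = Get-FileVer $DriverSys
$folders   = @(Get-ChildItem -LiteralPath $DrvStore -Directory -Filter 'parity_*' -ErrorAction SilentlyContinue)
$storeVers = @(foreach ($f in $folders) { Get-FileVer (Join-Path $f.FullName 'parity.sys') })

"parity.exe         : $exeVer"
"drivers\parity.sys : $sysVer"
for ($i = 0; $i -lt $folders.Count; $i++) {
    "DRVSTORE\$($folders[$i].Name)\parity.sys : $($storeVers[$i])"
}

# Map the findings onto the branches described in the article.
$mismatch = @($storeVers -ne $exeVer).Count -gt 0   # any DRVSTORE parity.sys differing from parity.exe
if (-not $sysVer -and $folders.Count -eq 0) {
    'Result: parity.sys and the DRVSTORE folder are both missing; see Additional Information.'
} elseif ($folders.Count -eq 1 -and $exeVer -and $storeVers[0] -eq $exeVer) {
    "Result: versions match, one folder; install parity.inf from $($folders[0].FullName), then reboot."
} elseif ($folders.Count -gt 1 -and $mismatch) {
    'Result: version mismatch and more than one parity_ folder; follow the uninstall and re-install steps.'
} else {
    'Result: no branch of the article matches exactly; review the versions listed above.'
}
```

Run it from an elevated PowerShell prompt on the affected machine so that sc.exe and dascli.exe can query the agent.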