EDR: Unload carbonblackk failed with error 0x801f0010
Article ID: 285096
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Run the following command and get the error result:
>fltmc unload carbonblackk Unload failed with error: 0x801f0010 Do not detach the filter from the volume at this time.
Environment
- EDR: 7.2.0 and above
- Windows: All supported versions
Cause
It is stopped by EDR tamper protection.
Resolution
1. Disable tamper protect:
C:\Windows\CarbonBlack\CbEDRCLI.exe <override_password>
2. From an elevated command prompt run the following command to stop carbonblack network service:
net stop carbonblack3. Then stop carbonblackk network service:
net stop carbonblackk4. Unload carbonblack drive:
fltmc unload carbonblackk
Feedback
Yes
No
Powered by
