EDR: VirtualBox VMs Fail to Start After Windows Sensor Upgrades to 7.3.0
book
Article ID: 285239
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
VirtualBox VMs do not start if the Windows host is running EDR win-7.3.0.
Environment
- EDR Windows Sensor: 7.3.0
- Virtual Box: 6.1.34
Cause
VirtualBox hardening script may have issues with the updated, secure signed certificate on the CB win-7.3.0 cbedramsi.dll file.
Resolution
- Until VirtualBox hardening script permits the new signed certificate, the Windows host should stay on EDR win-7.2.2.
- VMs within VMware Workstation or Microsoft HyperV start properly when the Windows host is running EDR win-7.3.0.
Additional Information
- CB win-7.3.0 uses a new more secure certificate; SHA2 384bit Sectigo CA with integrity checks.
- If a case is opened with Virtual Box, VMware Carbon Black Support and Engineers could provide additional information.
Feedback
thumb_up
Yes
thumb_down
No