EDR: VirtualBox VMs Fail to Start After Windows Sensor Upgrades to 7.3.0
search cancel

EDR: VirtualBox VMs Fail to Start After Windows Sensor Upgrades to 7.3.0

book

Article ID: 285239

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

VirtualBox VMs do not start if the Windows host is running EDR win-7.3.0.

Environment

  • EDR Windows Sensor:  7.3.0
  • Virtual Box: 6.1.34

Cause

VirtualBox hardening script may have issues with the updated, secure signed certificate on the CB win-7.3.0 cbedramsi.dll file.

Resolution

  • Until VirtualBox hardening script permits the new signed certificate, the Windows host should stay on EDR win-7.2.2.
  • VMs within VMware Workstation or Microsoft HyperV start properly when the Windows host is running EDR win-7.3.0.

Additional Information

  • CB win-7.3.0 uses a new more secure certificate; SHA2 384bit Sectigo CA with integrity checks.
  • If a case is opened with Virtual Box, VMware Carbon Black Support and Engineers could provide additional information.  
     
Powered by Wolken Software