Carbon Black Cloud: RepUx.exe - Bad Image error with third party applications
Article ID: 285441
Updated On:
Products
Carbon Black Cloud Workload
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Issue/Introduction
- After upgrading to or installing the 3.5 and above sensor version there are reports or RepUx.exe - Bad Image that appear on system boot or toggling the system tray icon.
- Errors are linked to third party applications
Environment
- Carbon Black Cloud Windows Sensor: 3.5 and above
- Microsoft Windows: All Supported Versions
Cause
When tamper protection detects third party DLLs (ex. other av software) attempting to load into CB processes, this issue may also be observed. To avoid these types of issues, VMware Carbon Black always recommends that you exclude the following locations if using another Security or Anti-Virus Utility
Resolution
- Add the recommended exclusions to third party applications for the paths listed for CBC sensor
- If third party application exclusions do not work or the application does not have an option to add exclusions, please open a case to investigate further
- Disable "Display sensor message in system tray" in the Carbon Black Cloud Policy > Sensor tab. (This will only prevent repux.exe application errors from occurring. This will not resolve the issue with scanhost.exe failing to start)
Additional Information
A workaround is to uncheck the checkbox for the Sensor UI: Detail message in the policy or policies of devices.
Feedback
Yes
No
Powered by
