Carbon Black Cloud: Remote Error 0x80070002 When Using Reg Commands With Live Response
search cancel

Carbon Black Cloud: Remote Error 0x80070002 When Using Reg Commands With Live Response

book

Article ID: 285935

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Remote error 0x80070002 - The system cannot find the file specified. When trying to use Reg Commands like reg query

Environment

  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Windows OS: All Supported Versions

Cause

This can happen if the requested registry key doesn't exist or when not surrounding a registry path that contains spaces with ""

Resolution

  • Run reg query PARENTPATH\ to display all existing registry keys to confirm the requested registry key exists
  • Any registry path that contains spaces must have quotes around it
Live Response for device 59289986
[59289986] C:\Windows\system32> reg query -v HKLM

Remote error  0x80070002 - The system cannot find the file specified.

[59289986] C:\Windows\system32> reg query HKLM
Subkeys:
   BCD00000000
   HARDWARE
   SAM
   SECURITY
   SOFTWARE
   SYSTEM
[59289986] C:\Windows\system32>

 

Additional Information

reg query HKLM\System\ will show all the registry keys that exist in System
the "reg -v" option can only be used with keys, not their parent hive/folder names alone