Carbon Black Cloud: Processes crash due to CbAMSI
search cancel

Carbon Black Cloud: Processes crash due to CbAMSI


Article ID: 286414


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


  • Issue first appears in, previous versions work
  • Path to execution includes non-ASCII characters such as kanji
  • Windows Application log shows a failure for MSACCESS.exe pointing to CbAMSI.dll as the failing module
    • Failed application path: C:\Program Files\Microsoft Office\Root\Office*\MSACCESS.EXE
      Failed module path: C:\WINDOWS\system32\CbAMSI.dll


  • Carbon Black Cloud Sensor:
    • Endpoint Standard
    • ThreatHunter
  • Microsoft Windows: All Supported Versions
  • Non-ASCII character file paths


This is due to a known issue with non-ASCII characters in CbAMSI


  • This issue is fixed in and higher and referenced as UAV-2191 in release notes

Additional Information

  • If upgrading to is not possible, workarounds are as follows
    • Re-install a sensor version prior to
    • Update file path to not include non-ASCII characters
    • Temporarily disable AMSI prevention functionality (contact Tech Support Team for further suggestions)
WARNING: Disabling AMSI will have a negative impact to the CBC's visibility as well as detection and prevention efficacy
  • If issue persists, open a support ticket with Carbon Black including a crash dump which can be gathered via procdump configuration