Health Check FailureId[1010]: Multiple GUID in the Registry
search cancel

Health Check FailureId[1010]: Multiple GUID in the Registry


Article ID: 286596


Updated On:


Carbon Black App Control (formerly Cb Protection)


The Agent is reporting failed Health Checks similar to:
Carbon Black App Control Agent detected a problem: Carbon Black App Control Agent has multiple GUID in the registry key [SOFTWARE\Classes\Installer\UpgradeCodes\BE699B28D1B16A04D9F1AA3A0C28A1C9] - expected[304D10CA0DAEE634D99BFBEE43FD4229], actual[304D10CA0DAEE634D99BFBEE43FD4229|18633383D60BA99428F49BE443CC1879]. Options[00000003] TotalFailures[3] FailureId[1010]


  • App Control Agent: Version 8.9.0+
  • Microsoft Windows: All Supported Versions


  • One of the previous versions of the Agent installer MSI files was not persisted on the system.
  • Typically such files are cached by the Windows installer in "C:\Windows\Installer\" folder or when deployed via SCCM in the "Ccmcache" folder.
  • When deploying via Intune or SCCM one must ensure that the option to persist the installation media is enabled.
  • If the previous installation media was removed, on the next agent upgrade attempt, the Windows Installer will only partially remove the previous agent files and registry keys which will result in a corruption and inability to upgrade successfully going forward.


Review the health check description:

  1. If the expected key is part of the actual key please follow the steps in this KB to cleanup the registry, for example:
    expected[304D10CA0DAEE634D99BFBEE43FD4229], actual[304D10CA0DAEE634D99BFBEE43FD4229|18633383D60BA99428F49BE443CC1879]
  2. If the expected key is not part of the actual key, then agent will need to be cleaned up before the next upgrade with the Agent uninstall tool described in this KB
    expected[304D10CA0DAEE634D99BFBEE43FD4229], actual[18633383D60BA99428F49BE443CC1879]

Additional Information

  • This Health Check was introduced with the release of Agent version 8.9.0.
  • If the versions do not match, this is typically caused by forcing the upgrade through by disabling Tamper Protection.
  • If the versions match, this is typically caused by the original installation media (ex: Policy-Installer.msi) not being cached on the endpoint.