EDR: LiveResponse Exception Encountered When Querying REG_BINARY Items
search cancel

EDR: LiveResponse Exception Encountered When Querying REG_BINARY Items


Article ID: 287429


Updated On:


Carbon Black EDR (formerly Cb Response)


  • Exception encountered when querying REG_BINARY items:
[DESKTOP-0475U5L] C:\WINDOWS\CarbonBlack> reg query HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 -v 'Component Information'

Error: Internal Server Error - <!DOCTYPE html>
<meta charset="utf-8">
<title>VMWware Carbon Black EDR</title>
<meta name="viewport" content="width=device-width, initial-scale=1">

{ background-color: rgb(234, 240, 246); color: rgb(51, 51, 51); cursor: auto; line-height: 1.4; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 13px; font-style: normal; font-weight: 400; }


{ display: flex; flex-direction: row; justify-content: center; align-items: center; height: 400px; }

<div id="error-container">
<div style="text-align: right">
<img src="/images/cb.png">
<div style="text-align: left">
Internal Server Error</h1>
<h3>Whoa! Sorry about that!</h3>
<p>Not sure what happened, but it's not meant to work like that!</p>
<p>If you're seeing this consistently, can you tell us about it so we can fix it?
Send us an email at <a href="mailto:[email protected]" target="_new">[email protected]</a>.</p>
  • Exception output in the /var/log/cb/liveresponse/debug.log:
2021-10-12 14:51:37 [762628] <err> cb.liveresponse.lr_api_blueprint - Unhandled exception from API request.
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/auth/authn_service.py", line 387, in wrapped_f
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/utils.py", line 22, in wrapped_f
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 234, in command
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 31, in make_response_simplejson
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/_init_.py", line 395, in dumps
return _default_encoder.encode(obj)
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/encoder.py", line 296, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/simplejson/encoder.py", line 378, in iterencode
return _iterencode(o, 0)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 12: invalid start byte

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/liveresponse/lr_api_blueprint.py", line 96, in unhandled_exception
AttributeError: 'UnicodeDecodeError' object has no attribute 'code'



  • EDR Server: 7.x Versions


This issue is being investigated by VMWare CB Engineering.


The issue can be worked around by using the execfg command instead:
[DESKTOP-0475U5L] C:\WINDOWS\CarbonBlack>  execfg reg query HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 /v "Component Information" 

    Component Information    REG_BINARY    000000000000000000000000FFFFFFFF