Carbon Black Cloud: Upgrade/Uninstall fails due to generic Error 1603.
book
Article ID: 287446
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Upgrade Fails, Uninstall fails.
Environment
Carbon Black Cloud Sensor: Version 3.7 and Above
Microsoft Windows: All Supported Versions
Cause
The OS preformed an upgrade and the sensor did not store cert signing info on some of the files. As a result this caused the sensor upgrade to fail, blocked by Tamper Protection. Once the sensor is upgraded it will keep track of the signing info and will not cause the sensor upgrade to fail in the future.
Resolution
This has been resolved in sensor 3.7+ so that you will not run into the issue again. This requires placing the sensor in bypass mode during the upgrade 3.7+.
Additional Information
Console upgrade should work and you can script the upgrade to place the sensor in bypass during the upgrade with SCCM GPO or other solutions.
You can verify the issue if you have EEDR and go to the Investigate Page, Processes tab and search for the following.
(process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\cfg.ini") OR (process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\confer.ini")