Carbon Black Cloud: Upgrade/Uninstall fails due to generic Error 1603.
search cancel

Carbon Black Cloud: Upgrade/Uninstall fails due to generic Error 1603.

book

Article ID: 287446

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Upgrade Fails, Uninstall fails.

Environment

  • Carbon Black Cloud Sensor: Version 3.7 and Above
  • Microsoft Windows: All Supported Versions

Cause

The OS preformed an upgrade and the sensor did not store cert signing info on some of the files. As a result this caused the sensor upgrade to fail, blocked by Tamper Protection. Once the sensor is upgraded it will keep track of the signing info and will not cause the sensor upgrade to fail in the future.

Resolution

This has been resolved in sensor 3.7+ so that you will not run into the issue again. This requires placing the sensor in bypass mode during the upgrade 3.7+.
 

Additional Information

  • Console upgrade should work and you can script the upgrade to place the sensor in bypass during the upgrade with SCCM GPO or other solutions. 
  • You can verify the issue if you have EEDR and go to the Investigate Page, Processes tab and search for the following.
(process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\cfg.ini") OR (process_original_filename: "msiexec.exe" AND blocked_name: "c:\\program files\\confer\\confer.ini")
Powered by Wolken Software