EDR: Multiple Windows endpoints checking in with the same sensor ID

Article ID: 288131

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Selecting a sensor in the UI redirects to the sensor page of a different sensor (a different hostname)
  • Multiple sensors report to the EDR cluster with the same sensor ID
  • The sensor record in the EDR UI changes hostname as each endpoint checks in at a different time
  • A process search for the sensor ID lists multiple hostnames under the search facets

Environment

  • EDR Server: 6.x and Higher
  • EDR Sensor: All supported versions
  • EDR Sensors imaged using a common gold disk
  • Microsoft Windows: All Supported Versions
  • Gold disk is pre-configured with a static sensor ID

Cause

The master (gold) image the endpoints were built from was captured after the sensor had already registered with the server and stored its sensor ID. Every endpoint deployed from that image therefore checks in with the same ID, and the server treats them all as a single sensor whose hostname changes with each check-in.

Resolution

  1. Reset the sensor ID on each affected endpoint. The endpoint receives a fresh ID the next time it checks in; see https://community.carbonblack.com/t5/Knowledge-Base/EDR-Sensor-How-to-reset-sensor-ID-in-Windows/ta-p/108551
  2. Update the gold disk image so that future sensors do not register with the same ID:
    1. Log in to the master machine as an administrator.
    2. Open an administrative command prompt.
    3. Stop the Carbon Black sensor services:
sc stop carbonblack
sc stop carbonblackk
    4. From the same administrative command prompt, delete the stored sensor ID:
reg delete hklm\software\carbonblack\config /v SensorId
    5. Create a new gold disk image. Do not start the sensor services again before capturing the image; if the sensor starts, it registers with the server and writes a new ID into the image.
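The gold-image preparation in step 2, written as one PowerShell script that you can run on the master machine before capturing the image. This is an added example, not part of the KB article or a Carbon Black-supplied tool. It assumes only what the article names: the service names carbonblack and carbonblackk and the registry value HKLM\SOFTWARE\CarbonBlack\config\SensorId. It uses sc.exe rather than Get-Service because carbonblackk is a kernel driver service, which Get-Service does not return, and it refuses to continue if either service fails to stop or the value is still present afterwards.

```powershell
# Added example (not from the KB article): clear the baked-in sensor ID on a
# gold-image master so every clone registers for its own ID on first check-in.
# Assumptions (taken from the article): service names 'carbonblack' and
# 'carbonblackk'; registry value HKLM\SOFTWARE\CarbonBlack\config\SensorId.
# Run from an elevated PowerShell session on the master machine.
$ErrorActionPreference = 'Stop'

$Services  = @('carbonblack', 'carbonblackk')   # user-mode service, then kernel driver
$ConfigKey = 'HKLM:\SOFTWARE\CarbonBlack\config'
$ValueName = 'SensorId'

# Stopping a driver service and editing HKLM both require elevation; fail early.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) PowerShell session.'
}

function Get-ServiceState {
    # Returns RUNNING / STOPPED / ... or $null if the service does not exist.
    # sc.exe is used because Get-Service does not list kernel driver services.
    param([string]$Name)
    $out = & sc.exe query $Name
    if ($LASTEXITCODE -ne 0) { return $null }
    $line = $out | Where-Object { $_ -match '^\s*STATE\s*:' }
    # Example line: "        STATE              : 4  RUNNING"
    if ($line -match ':\s*\d+\s+(\w+)') { return $Matches[1] }
    return 'UNKNOWN'
}

# Stop both services and wait until each actually reports STOPPED.
foreach ($name in $Services) {
    $state = Get-ServiceState -Name $name
    if ($null -eq $state) {
        Write-Warning "Service '$name' not found; is the sensor installed on this image?"
        continue
    }
    if ($state -ne 'STOPPED') {
        & sc.exe stop $name | Out-Null
        $deadline = (Get-Date).AddSeconds(60)
        while ((Get-ServiceState -Name $name) -ne 'STOPPED' -and (Get-Date) -lt $deadline) {
            Start-Sleep -Seconds 2
        }
    }
    $state = Get-ServiceState -Name $name
    if ($state -ne 'STOPPED') { throw "$name did not stop (state: $state); aborting." }
    Write-Host "$name : $state"
}

# Remove the stored sensor ID so the server assigns a unique one to each clone.
$current = Get-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $current) {
    Write-Host "$ValueName is already absent from $ConfigKey; nothing to remove."
} else {
    Write-Host "Removing $ValueName (current value: $($current.$ValueName))"
    Remove-ItemProperty -Path $ConfigKey -Name $ValueName
}

# Verify before capturing: the value must be gone, or every clone inherits it again.
if (Get-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue) {
    throw "$ValueName is still present under $ConfigKey; do not capture the image."
}
Write-Host 'Sensor ID cleared. Capture the image now; do not start the sensor services first.'
```

The final check matters: the services are still installed and set to start automatically, so a reboot or a manual start before capture would re-register the sensor and put a new SensorId back into the image, reproducing the original problem.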

Additional Information

  • The gold disk image must be regenerated with an empty sensor ID so that the EDR server generates a unique ID for each new endpoint on its first check-in.
  • Process event data still shows the correct sensor name and information, but selecting the sensor name in Process Analysis may still redirect to a different endpoint until every duplicate has been reset.
  • Resetting the sensor ID causes the sensor to register as a new endpoint, so historical data recorded under the old ID is not linked to the new sensor. To find that historical data, search for the computer name (hostname) in process search.