CB Response: Cannot cleanly stop and restart Linux Sensor with Cylance also installed
search cancel

CB Response: Cannot cleanly stop and restart Linux Sensor with Cylance also installed

book

Article ID: 288178

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Newly installed Cb Response Sensor 6.x on Linux does not start and stop cleanly with Cylance also installed.
  • These errors can be observed in standard output:  
    systemctl status cbdaemon.service --full 
 cbdaemon.service - LSB: Bit9 Sensor 
Loaded: loaded (/etc/rc.d/init.d/cbdaemon; bad; vendor preset: disabled) 
Active: active (exited) since Tue 2018-10-23 12:42:05 EDT; 2min 40s ago 
Docs: man:systemd-sysv-generator(8) 
Process: 16009 ExecStart=/etc/rc.d/init.d/cbdaemon start (code=exited, status=0/SUCCESS) 

Oct 23 12:42:05 cmsisplx10 systemd[1]: Starting LSB: Bit9 Sensor... 
Oct 23 12:42:05 cmsisplx10 cbdaemon[16009]: Starting cbdaemon: WARNING: Logging before InitGoogleLogging() is written to STDERR 
Oct 23 12:42:05 cmsisplx10 cbdaemon[16009]: W1023 12:42:05.853521 16021 main.cpp:138] Found pid file from previous run that is not associated with a running process. Check for daemon cores. 
Oct 23 12:42:05 cmsisplx10 cbdaemon[16009]: [ OK ] 
Oct 23 12:42:05 cmsisplx10 systemd[1]: Started LSB: Bit9 Sensor.

Environment

  • CB Response Sensor: 6.x and higher
  • Linux: All supported platforms

Cause

  • Cylance is interfering with Cb Response sensor accessing its own files and directories.

Resolution

Add these three file specifications to the Cylance exclusion list:
  • /etc/init.d/cbdaemon
  • /etc/rc*/*cbdaemon
  • /usr/sbin/cbdaemon
Powered by Wolken Software