EDR: Sensor crashing unexpectedly
search cancel

EDR: Sensor crashing unexpectedly

book

Article ID: 288474

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Sensor crashing unexpectedly 
  • Sensor process mini crash dump cb-<version>.xxx.dmp created at the time of service crash
  • Sensor process mini crash dump analysis shows following faulty stack
MODULE_NAME: cb

IMAGE_NAME:  cb.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5ef63825

FAILURE_BUCKET_ID:  NULL_POINTER_READ_AFTER_CALL_c0000005_cb.exe!cb::cb_event_converter::GetProcessInfoFromCache

BUCKET_ID:  APPLICATION_FAULT_NULL_POINTER_READ_AFTER_CALL_cb!cb::cb_event_converter::GetProcessInfoFromCache+7a

Environment

  • EDR Sensor: 7.0.1, 7.1.0

Cause

 This issue was caused due to a Null Pointer Exception in cb_event_converter::GetProcessInfoFromCache()' - CB-32678

Resolution

Upgrade to version 7.1.1 Windows EDR sensor or higher
Powered by Wolken Software