App Control: Not able to create an Indicator Set Exception
book
Article ID: 288565
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Not able to add Indicator set exception because of the error:
Database error creating Exception
Environment
App Control Console: 8.5 and above
Cause
An error handling null values in public variables for file C:\Program Files (x86)\Bit9\\Parity Console\WebUI\include\DataObjects\Rules.php
Resolution
Logon into the app control server
If you have an App control Agent installed in the end point please follow the below steps otherwise skip to the next step :
Open CMD as admin
Execute the following commands to stop the App Control Agent:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password <your CLI or global password without the quotes>
dascli tamperprotect 0
net stop parity
fltmc unload paritydriver
Stop the app control server and reporter services
In Windows search for Services.msc and open it.
Look for the service Carbon Black App Control Reporter.
Do right click on it and select Stop.
Look for the service Carbon Black App Control Server.
Do right click on it and select Stop.
Create a backup of C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\DataObjects\Rules.php
Open the file C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\DataObjects\Rules.php and replace the value of line 219
$this->restrict_access,
with the following entry:
$this->restrict_access ?: 0,
Save the change.
Open a CMD as admin an execute the below command
IISReset
Start the App Control Server and Reporter services
In Windows search for Services.msc and open it.
Look for the service Carbon Black App Control Reporter.
Do right click on it and select Start.
Look for the service Carbon Black App Control Server.
Do right click on it and select Start.
If you have an App Control Agent installed , follow the below steps
Open CMD as admin
execute the below commands
fltmc load paritydriver
net start parity
Additional Information
The issue is being track under the defect EP-12718 and the fix will be deliver in App Control Server 8.7.0.