Endpoint Standard: Black Screen after sensor installation 3.7.0.1503
search cancel

Endpoint Standard: Black Screen after sensor installation 3.7.0.1503

book

Article ID: 288645

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • When endpoint standard sensor is installed on systems, the systems freeze post login and the screen goes black.
  • The endpoints experience slowness while accessing.
  • The issue is observed when sensors are in active state.
  • Systems return to normal once they are placed in bypass mode.

Environment

  • Endpoint Standard: 3.7.0.1411 & 3.7.0.1503
  • Microsoft Windows: All supported versions

Cause

Cause of the issue is detected as corrupt catalog databases. (Related to Microsoft function: "CryptCATAdminEnumCatalogFromHash")
 

Resolution

  • Engage Microsoft and seek assistance to rebuild corrupt catalog database on affected machines.
  • Workaround 1:
  1. Stop the cryptographic service
  2. Move the contents of "c:\windows\system32\catroot2" to another location
  3. Start the cryptographic service
  • Workaround 2: 
 1. Rebuild search index on the device, as well as purge old Windows 10 update files
  1. Open the Indexing Options screen in windows
  2. Hit “Advanced” at the bottom
  3. Select the “Rebuild” option in troubleshooting
 2. To flush the older Windows Updates:
  1. Open the Disk Cleanup Utility
  2. Select the option in the bottom left to “Clean up System Files”
  3.  Wait for the information to populate
  4. Select all options, then hit “OK”
  5. Confirm the deletion of the files
  6.  Reboot the device once completed
3. If above steps do not resolve the issue, apply Microsoft February 2021 patches – KB4598291 and KB4598299 
Powered by Wolken Software