Endpoint Standard: Black Screen after sensor installation 3.7.0.1503
book
Article ID: 288645
calendar_today
Updated On: 12-23-2021
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- When endpoint standard sensor is installed on systems, the systems freeze post login and the screen goes black.
- The endpoints experience slowness while accessing.
- The issue is observed when sensors are in active state.
- Systems return to normal once they are placed in bypass mode.
Environment
- Endpoint Standard: 3.7.0.1411 & 3.7.0.1503
- Microsoft Windows: All supported versions
Cause
Cause of the issue is detected as corrupt catalog databases. (Related to Microsoft function: "CryptCATAdminEnumCatalogFromHash")
Resolution
- Engage Microsoft and seek assistance to rebuild corrupt catalog database on affected machines.
- Workaround 1:
- Stop the cryptographic service
- Move the contents of "c:\windows\system32\catroot2" to another location
- Start the cryptographic service
1. Rebuild search index on the device, as well as purge old Windows 10 update files
- Open the Indexing Options screen in windows
- Hit “Advanced” at the bottom
- Select the “Rebuild” option in troubleshooting
2. To flush the older Windows Updates:
- Open the Disk Cleanup Utility
- Select the option in the bottom left to “Clean up System Files”
- Wait for the information to populate
- Select all options, then hit “OK”
- Confirm the deletion of the files
- Reboot the device once completed
3. If above steps do not resolve the issue, apply Microsoft February 2021 patches –
KB4598291 and
KB4598299
Feedback
Was this article helpful?
thumb_up
Yes
thumb_down
No