App Control: Agent Crashing or Disconnecting due BeyondTrust is Attempting to Inject privman32.dll file
search cancel

App Control: Agent Crashing or Disconnecting due BeyondTrust is Attempting to Inject privman32.dll file


Article ID: 288851


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • Event log has EventID: 7023, The Cb Protection Agent service terminated with the following error: %%-1073741819
  • dascli status - returns 'Cannot connect to user agent'


  • App Control Agent (formerly CB Protection): All Supported Versions
  • BeyondTrust Software


BeyondTrust is attempting to inject privman32.dll into the Parity Agent, and Tamper Protection stops the modification, but the action still causes the agent to crash and restart itself. 


  1. Exclude App Control directories via Anti-Virus Exclusions for Agent (Windows)
  2. For Windows 7 through Windows 10 endpoints 
  • Go to following Beyond Trust 
  • Add a registry key expandable string value entered, named "ExcludedApps", with the following information added to the Data tab:
C:\Windows\System32\drivers\Parity.sys;C:\ProgramData\Bit9\Parity Agent\;C:\Program Files\Bit9\Parity Agent\;C:\Program Files (x86)\Bit9\Parity Agent\;C:\Program Files\Bit9\Parity Agent\Parity.exe;C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe;C:\Program Files\Bit9\Parity Agent\Crawler.exe;C:\Program Files (x86)\Bit9\Parity Agent\Crawler.exe;C:\Program Files\Bit9\Parity Agent\Dascli.exe;C:\Program Files (x86)\Bit9\Parity Agent\Dascli.exe;C:\Program Files\Bit9\ParityAgent\Notifier.exe;C:\Program Files (x86)\Bit9\Parity Agent\Notifier.exe;C:\Program Files\Bit9\Parity Agent\Timedoverride.exe;C:\Program Files (x86)\Bit9\Parity Agent\Timedoverride.exe;
  1. For Windows OS prior to 7:
  • Replace C:\ProgramData\Bit9\Parity Agent\ with C:\Documents and Settings\All users\Application Data\Bit9\Parity Agent\ in the values listed above.
  1. To complete the changes, a reboot of the endpoint is advised.

Additional Information

  • As a general rule for any registry modification, it is highly recommended to perform a backup of the registry prior to any changes
  • Reboot will be recommended for full effect