Carbon Black Cloud: Amazon SSM agent & Amazon Cloud watch agent wont start when sensor enabled
search cancel

Carbon Black Cloud: Amazon SSM agent & Amazon Cloud watch agent wont start when sensor enabled

book

Article ID: 289651

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Attempt to start AmazonCloudWatchAgent service, but the service will show starting...then stopped....then starting...then stopped....over and over again. It never starts.
  • Attempt to start AmazonSSMAgent service, but the service will show starting....then stopped. It never starts.

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

Amazon SSM agent & Amazon Cloud watch agent exit when the sensor attempts to inject it's driver into these processes so that it can monitor their behaviors

Resolution

Create a Permission rule Performs any operation > Performs any API operation > Bypass for the following paths:
C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.exe
C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
Powered by Wolken Software