Carbon Black Cloud: Amazon SSM agent & Amazon Cloud watch agent wont start when sensor enabled
Article ID: 289651
Updated On: 05-21-2020
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Attempt to start AmazonCloudWatchAgent service, but the service will show starting...then stopped....then starting...then stopped....over and over again. It never starts.
- Attempt to start AmazonSSMAgent service, but the service will show starting....then stopped. It never starts.
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Windows Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
Amazon SSM agent & Amazon Cloud watch agent exit when the sensor attempts to inject it's driver into these processes so that it can monitor their behaviors
Resolution
Create a Permission rule Performs any operation > Performs any API operation > Bypass for the following paths:
C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.exe
C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.exe
C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
Feedback
Was this article helpful?
Yes
No
Powered by
