EDR: Sensor fails to unload old drivers on upgrade
Article ID: 289723
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Sudden reboot
- User logon fails with the message “The User Profile Service failed the logon”
Environment
- EDR Sensor: All versions
Cause
The below sensor drivers failed to unload properly during the upgrade
- C:\windows\system32\drivers\carbonblackk.sys
- C:\windows\system32\drivers\cbtdiflt.sys
Resolution
1) Run command:
3) Manually delete
4) Reboot the endpoint
5) Reinstall the desired sensor version
net stop carbonblack fltmc unload carbonblack2 ) Uninstall the sensor
3) Manually delete
- C:\windows\system32\drivers\carbonblackk.sys
- C:\windows\system32\drivers\cbtdiflt.sys
4) Reboot the endpoint
5) Reinstall the desired sensor version
Feedback
Yes
No
Powered by
