CB Defense: Sage Abra Suite is slow or doesn't launch
Article ID: 290028
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Sage Abra Suite is slow or doesn't launch if Cb Defense Sensor is installed and Active
Environment
- CB Defense PSC Web Console: All Versions
- CB Defense Sensor: All Versions
- Microsoft Windows: All Versions
Cause
- The version of Launch32.exe located in a network share has a SUSPECT_MALWARE reputation
- SHA256 hash: f9a245c6761200e6611dd9fb05e73772ccf6ec95deab1a7241fb4397ff2a8316
Resolution
- Since Suspect Malware reputation takes priority over Local White (Cert Whitelist or Whitelist IT Tools), the Launch32.exe hash will need to be whitelisted
- Alternatively, the network share where the Launch32.exe is located can be bypassed when "Performs any API operation"
- The location of the network share will vary depending on the version and customization of Sage. Example locations below:
**\\worc-abra\AbraSuite\Client\*
**\sage\v2017\mas90\launcher\**
**\sage\v2017\mas90\launcher\**
Feedback
Yes
No
Powered by
