Endpoint Standard: Local Scanner Never Updates After Installation
search cancel

Endpoint Standard: Local Scanner Never Updates After Installation

book

Article ID: 290491

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • UI SIG column shows the grey box when signatures have never been uploaded
  • Running 'repcli updateavsignature' produces error
RepCLI.exe - Application Error
"The application was unable to start correctly 0xc000022. Click Ok to close the application."

 

Environment

  • Carbon Black Cloud (formerly CB PSC) Console: All Supported Versions
  • Endpoint Standard (formerly CB Defense) Sensor: 3.5.0.1523 and Higher
  • Microsoft Windows Server 2016
  • BeyondTrust Privilege Management for Windows (x64) 5.6.126.0

Cause

BeyondTrust DLL (pghook.dll) is being inserted into Carbon Black processes, triggering tamper protection by the Sensor

Resolution

Add exclusions to BeyondTrust Privilege Management Client (was Avecto Privilege Guard Client) to avoid Carbon Black folders and processes
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Recommended-Third-Party-Anti-virus-Exclusions/ta-p/47533

Additional Information

The Linux and MacOS sensor don't have a local scanner component so it will not update