Endpoint Standard: Local Scanner Never Updates After Installation
book
Article ID: 290491
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
UI SIG column shows the grey box when signatures have never been uploaded
Running 'repcli updateavsignature' produces error
RepCLI.exe - Application Error
"The application was unable to start correctly 0xc000022. Click Ok to close the application."
Environment
Carbon Black Cloud (formerly CB PSC) Console: All Supported Versions
Endpoint Standard (formerly CB Defense) Sensor: 3.5.0.1523 and Higher
Microsoft Windows Server 2016
BeyondTrust Privilege Management for Windows (x64) 5.6.126.0
Cause
BeyondTrust DLL (pghook.dll) is being inserted into Carbon Black processes, triggering tamper protection by the Sensor
Resolution
Add exclusions to BeyondTrust Privilege Management Client (was Avecto Privilege Guard Client) to avoid Carbon Black folders and processes https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Recommended-Third-Party-Anti-virus-Exclusions/ta-p/47533
Additional Information
The Linux and MacOS sensor don't have a local scanner component so it will not update