Live Response execfg command fails with "Remote error 0x80070002"

Live Response execfg command fails with "Remote error 0x80070002"

search cancel

Live Response execfg command fails with "Remote error 0x80070002"

book

Article ID: 290613

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black Cloud Endpoint Standard

Issue/Introduction

Cannot run repcli commands locally. Message mentions sysfer.dll

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: 3.6.0.2072
Microsoft Windows: All Supported Versions
Third party AV service

Cause

AV service is blocking sensor actions

Resolution

Ensure AV exclusions are added for the sensor on the third party AV service
If AV exclusions are in place and issue persists, open a case with support and provide:
- Procmon capture from the endpoint while reproducing the issue
- Sensor logs after issue was reproduced

Feedback

thumb_up Yes

thumb_down No