Carbon Black Cloud: Live Response execfg command fails with "Remote error 0x80070002"

Carbon Black Cloud: Live Response execfg command fails with "Remote error 0x80070002"

search cancel

Carbon Black Cloud: Live Response execfg command fails with "Remote error 0x80070002"

book

Article ID: 290613

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Cannot run repcli commands locally. Message mentions sysfer.dll

Environment

Carbon Black Cloud Console: All Versions
- Enterprise EDR
Carbon Black Cloud Sensor: 3.6.0.2072
Microsoft Windows: All Supported Versions
Third party AV service

Cause

AV service is blocking sensor actions

Resolution

Ensure AV exclusions are added for the sensor on the third party AV service: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Recommended-Third-Party-Anti-virus-Exclusions/ta-p/47533
If AV exlcusions are in place and issue persists, open a case with support and provide:
- Procmon capture from the endpoint while reproducing the issue
- Sensor logs after issue was reproduced

Feedback

thumb_up Yes

thumb_down No