Carbon Black Cloud: Linux Sensors Showing "Grayed Out Policy" With Current Check-in Time, and Will Not Upgrade or Go Into Bypass From Console
Article ID: 291092
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Sensors in the console show a grayed-out/italicized policy, but with a recent sensor check-in time
Sensor will not accept requests from console, such as upgrade, bypass, and Live Response requests
Sensor fails upgrade and console reports “Sensor unresponsive” in Sensor Update Status
Environment
Carbon Black Cloud Linux Sensor: 2.12.X and 2.13.X versions
Linux: RHEL 7, CentOS 7, Oracle 7
"Run background scan" checkbox enabled under Policies>Sensor for policies with Linux sensors
Cause
Behavior is caused by a product defect: PSCLNX-10515
This issue can occur on any 2.12.X or 2.13.X Linux sensor with an assigned policy that has "Run background scan" enabled under Policies>Sensor
The defect causes a deadlock within the sensor, which prevents the sensor from acting on hints from the backend
Our Engineering team is still evaluating all situations/conditions when this can occur
Resolution
A fix for PSCLNX-10515 has been included in the 2.14 Linux sensor release
Disable "Run background scan" for 2.12 and 2.13 sensors to prevent this behavior
Individual sensors that have encountered this issue can be recovered by restarting the endpoint or the sensor
For sensors that have failed to upgrade, the upgrade job in the console needs to be stopped. A new upgrade job needs to be created after performing a sensor restart. It can take up to 4 hours for the console to completely stop the upgrade job
Additional Information
2.11 and earlier Linux sensors will not encounter this issue, as they do not support the local scanner
If the deadlock has occurred on the sensor side but no recent policy change has been made, the console will not show any visual indication of it