CB PSC: GPO\Manual Upgrades Fail if GPO installed 3.2.1.51 - 3.4.0.1047
search cancel

CB PSC: GPO\Manual Upgrades Fail if GPO installed 3.2.1.51 - 3.4.0.1047

book

Article ID: 291992

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Install Sensor Versions 3.2.1.51 - 3.4.0.1016 using GPO Software Installation
  • Use GPO Software Installation to upgrade sensor to 3.3.984 and above and upgrade will fail. 
  • Manual upgrade may also fail with the following errors in the msi.log:  
    "Failed to generate hash for file 'C:\Program Files\Confer\db_whi'. Error: 0x20"
"Error 2911: Could not remove the folder C:\Program Files\Confer\"
"Error 1310. Error writing to file: C:\Program Files\Confer\BladeRunner.exe. System error 0. Verify that you have access to that directory."
"Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Confer\scanner\apcfile.dll. System Error 5."
"Error 0x8000ffff: Incorrect parameters for GPO upgrade."

Environment

  • CB Defense PSC Console: All Versions
  • CB ThreatHunter Console: All Versions
  • CB Defense PSC Sensor: 3.2.1.51 - 3.4.0.1047
  • Microsoft Windows: All Supported Versions

Cause

This issue can happen if the currently installed sensor was installed by Group Policy and Group Policy is still actively managing the sensor. 

Resolution

PREVENTION ACTIONS

(If upgrade has not already been attempted using GPO Software Installation)

  • See https://community.carbonblack.com/t5/Knowledge-Base/PSC-How-to-Upgrade-Windows-Sensors-using-GPO/ta-p/84661
REMEDIATION ACTIONS
(If upgrade has already been attempted using GPO Software Installation)
  • Upgrade may still be possible using other software deployment methods. If not, then sensor will need to be uninstalled and re-installed. See additional notes for more information.

Additional Information

  • If HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{CB Defense GUID} registry key still exists on the device, then uninstall is not required. Simply configure GPO to allow future sensor upgrades via other deployment methods (Ex: manual, CB Defense Web Console) using using the instructions documented in https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-How-to-Configure-GPO-to-Allow-Sensor-Upgrades/ta-p/40766
  • If HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{CB Defense GUID} registry does not exist on the device, then the sensor will need to be uninstalled and re-installed, but uninstall will no longer be possible using GPO. Use one of the other uninstall methods documented in https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Uninstall-Windows-Sensor/ta-p/65560
  • At this time GPO/Manual Upgrades are successful only if GPO installed 3.4.0.1052 and above
  • GPO/Manual Upgrades will be successful as long as the upgrade version is not 3.3.984 and above
Powered by Wolken Software