Endpoint Standard: RepUX.exe error (0xc0000022) without exclusions in BeyondTrust Privilege Management/Avecto
Article ID: 292223
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Error appears for RepUx.exe on login or startup with Sensor in Active mode
RepUx.exe - Application Error The application was unable to start correctly (0xc0000022). Click OK to close the application
- Error does not appear with Sensor in Bypass mode
- Error appears whether "Sensor UI: Detail message" is enabled or disabled in Carbon Black Cloud Policy
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 3.5.0.1523 and Higher
- Endpoint Standard (was CB Defense)
- Windows 10 v2004 (10.0.19041)
- BeyondTrust Privilege Management for Windows (x64) 5.6.126.0
Cause
BeyondTrust DLL (pghook.dll) is being inserted into Carbon Black processes, triggering tamper protection by the Sensor
Resolution
Add exclusions to BeyondTrust Privilege Management Client (was Avecto Privilege Guard Client) to avoid Carbon Black folders and processes
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Recommended-Third-Party-Anti-virus-Exclusions/ta-p/47533
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Recommended-Third-Party-Anti-virus-Exclusions/ta-p/47533
Additional Information
- If the error occurs on a different Windows OS or version of Privilege Guard and is not resolved as above, please open a case with Carbon Black Technical Support and provide
- Procmon and Sensor Logs with Sensor Active (Bypass mode logs not required)
Feedback
Yes
No
Powered by
