Carbon Black Cloud: Sensors moves into bypass after upgrade, remains in bypass, and ELAM protection shows disabled

Carbon Black Cloud: Sensors moves into bypass after upgrade, remains in bypass, and ELAM protection shows disabled

search cancel

Carbon Black Cloud: Sensors moves into bypass after upgrade, remains in bypass, and ELAM protection shows disabled

book

Article ID: 292474

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Sensors upgraded in the UI stop checking in
Sensor shows in bypass mode in Carbon Black Cloud (CBC) Console
RepCLI commands cannot be run
Sensor cannot be taken out of bypass
CBC service shows unprotected
```
C:\> sc qprotection cbdefense
```

Environment

Carbon Black Cloud Sensor: 3.6.0.1979 - 3.6.0.2076
Microsoft Windows: All Versions with Early Launch Anti-Malware (ELAM) protections

Cause

Regression in sensor causes process to hang

Resolution

Issue is resolved in sensor versions 3.6.0.2121 and 3.7.0.1253
Workaround
1. Locate and edit cfg.ini file
2. Add field and value to end of cfg.ini
```
UnregisteredProtected=True
```
3. Reboot endpoint

Feedback

thumb_up Yes

thumb_down No