4.1.0 Windows Sensor upgrade causes service failures on endpoints leading to connectivity failure.



Article ID: 416055


Products

Carbon Black Cloud Endpoint Standard

Issue/Introduction

Upgrading a 4.0.3 Windows Sensor to the 4.1.0 Windows Sensor can cause OS service failures and lead to connectivity problems because of an issue with the signature configuration of the new binary files.

Environment

  • Carbon Black Cloud Console: Current Version
  • Carbon Black Cloud Windows Sensor: 4.1.0 Version
  • Microsoft Windows OS: Supported Versions

Cause

In the 4.1.0.5463 CBC sensor, a change in the way the CBC binaries were signed caused the sensor to fail to detect its own binaries as trusted files (they should have been given an approved "self" reputation).

Resolution

  • Workaround:
    • If sensor policies are set up to TERMINATE processes with an "unknown" reputation, they need to have the "Delay Execute for Cloud Scan" setting enabled to allow the sensor time to get a valid approved reputation for the new 4.1.0 CBC sensor binaries.
  • Permanent Fix:
    • The next sensor version will address the signature issue of the CBC binaries to prevent this potential failure. Release is TBD.

Additional Information

  • Without the "Delay Execute for Cloud Scan" setting, the sensor will fail to initially approve the 4.1.0 sensor binaries based on their signature and will give these binaries an "Unknown" reputation. If the policy's Blocking and Isolation rules are set to TERMINATE based on that "Unknown" reputation, the sensor will terminate not only the CBC sensor service but also all services that CBC is hooked into, causing OS failure.