With the Sensor Group Tamper Protection Level set to "Detection" and with "Create Alert" on hit configured for the Tamper Detection Threat Intelligence Feed, an "Tamper detection of CB sensor registry configuration" alert occurs every time a Windows sensor reboots. Also, the these events are searchable via the Process Search page using (alliance_score_cbtamper:*).

Alert:  regmod. First worte to \registry\machine\system\controlset001\services\carbonblack\security\security

• EDR Server: All Supported Versions
• EDR Sensor: 7.4.1.18957
• Microsoft Windows OS: All Supported Versions

The sensor will detect any Modifying of CarbonBlack registry keys and this registry modification is expected behavior of the Windows OS. The ControlSet001 registry entry is last control set booted with, why this only happens at reboot. 

• This issue is fixed in the 7.5.0 sensor release

• https://knowledge.broadcom.com/external/article/285649/edr-how-to-get-started-with-tamper-prote.html
• https://techdocs.broadcom.com/us/en/carbon-black/edr/edr-sensors/index/release-notes/edr-windows-sensor/windows-sensor-7-5-0-release-notes.html