Disable Tamper Protection On The Windows Sensor
book
Article ID: 288009
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
To disable tamper protection on the Windows sensor
Environment
- EDR Windows Sensor: 7.2 and higher
- Windows 10 v1703 (Desktop) and higher
- Windows Server 2016 v1709 (Windows build 15163) and higher
Resolution
Method 1 : Via The Console
- Log into the console
- Go to the sensors page
- Click the group that the sensor resides in
- Select the edit icon
- Expand the Advanced tab and find the "Tamper Override Password"
- Click show to get the current. Also check for the history of passwords if this sensor has not connected since the last password change
Method 2: Via Admin CMD Prompt
- Open CMD as an Administrator
- Run the following command with the password obtained above
C:\Windows\CarbonBlack\CbEDRCLI.exe <override password>
Feedback
thumb_up
Yes
thumb_down
No