Disable Tamper Protection On The Windows Sensor
search cancel

Disable Tamper Protection On The Windows Sensor


Article ID: 288009


Updated On:


Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)


To disable tamper protection on the Windows sensor


  • EDR Windows Sensor: 7.2 and higher
  • Windows 10 v1703 (Desktop) and higher
  • Windows Server 2016 v1709 (Windows build 15163) and higher


Method 1 : Via The Console

  1. Log into the console
  2. Go to the sensors page
  3. Click the group that the sensor resides in
  4. Select the edit icon
  5. Expand the Advanced tab and find the "Tamper Override Password" 
  6. Click show to get the current. Also check for the history of passwords if this sensor has not connected since the last password change

Method 2: Via Admin CMD Prompt

  1. Open CMD as an Administrator
  2. Run the following command with the password obtained above
    C:\Windows\CarbonBlack\CbEDRCLI.exe <override password>