Your IT Consultant

Carbon Black Users Battling BSODs

August 25, 2022

It’s been a long while since I’ve seen the dreaded Blue Screen of Death (BSOD). As reported by The Register, users of VMware’s Carbon Black EDR (Endpoint Detection and Response) are not as fortunate. Apparently, the problem is caused by a change in the ruleset that was distributed for Carbon Black, which is impacting a bunch of machines across multiple organizations. Users observe BSODs as the Windows machines are stuck in a boot loop. According to VMware, the problem impacts devices running sensor versions from 3.6.x.x to 3.7.x.x.

VMware’s advice is to “place affected devices into bypass mode via the Carbon Black Cloud Console to allow them to boot successfully and have the ruleset removed, although a “small subset” may require an additional workaround and those looking after them should open a support ticket.” VMware stated that an update will be distributed to devices as they check in that rolls back the errant ruleset. I wonder how that will happen if the machine is stuck in a boot loop.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com