- Many VMware Carbon Black customers have complained about blue screen of death (BSOD) issues on their systems.
- VMware has investigated the issue and found that there is a conflict between Carbon Black and the most recent AV signature pack.
- The company has now fixed the issue for the endpoint security solution by updating the ruleset, and has published an advisory as well.
VMware’s endpoint security solution Carbon Black is drawing complaints from customers because it causes a Blue Screen of Death (BSOD) on the systems where it is installed. More than 50 organizations have already reported the issue, and VMware has confirmed it.
BSODs and boot loops
The problem was caused by a new ruleset from VMware, which was deployed to Cloud Sensor this week. The ruleset version 3.6.0.1979 – 3.8.0.398 was the issue, and it affects Windows 10 x64, Server 2012 R2 x64, and Server 2019 x64 systems. In addition to causing BSODs, the problem left some systems stuck in boot loops. VMware’s investigation revealed a conflict between Carbon Black and AV signature pack 8.19.22.224.
@LawrenceAbrams @GossiTheDog @MalwareTechBlog @BleepinComputer !! – Carbon Black EDR causing blue screens of death for devices running sensor version 3.7.0.1253
At least 50+ orgs affected
Started today at 15:30
— Emile Death Row (@TGesches) August 23, 2022
VMware has rolled out an updated Threat Research ruleset to Prod01, Prod02, ProdEU, ProdSYD, and ProdNRT after internal testing found no problems. After further investigation, VMware made the following statement:
« VMware Carbon Black is aware of an issue affecting a limited number of customer endpoints, where certain older sensor versions were impacted by an update of our behavioral preventative capabilities. The issue has been identified and corrected, and VMware Carbon Black is working with impacted customers. »