Several thousand business servers and desktops were affected by a fault in VMware’s Carbon Black endpoint security system, the company has revealed.
Blue Screen of Death (BSOD) errors have been reported by over 50 different companies, many of which blame Carbon Black for their occurrence.
VMware’s Cloud Sensor has been experiencing issues since the company applied a new ruleset to the service earlier this week. The crashes occurred on sensor versions between 3.6.0.1979 and 3.8.0.398, and this ruleset appears to be the culprit. Systems running Windows 10 x64, Server 2012 R2 x64, and Server 2019 x64 were apparently impacted.
Conflict
“VMware Carbon Black is aware of an issue affecting a small number of client endpoints, where earlier sensor versions were affected by a behavioural preventative upgrade. Therefore, VMware Carbon Black is helping affected clients.”
Further analysis pointed to a conflict between Carbon Black and AV signature pack 8.19.22.224.
VMware issued a security advisory about an updated Threat Research ruleset after internal testing showed no issues. The ruleset was then pulled back, and deeper analysis is underway.
VMware recommends putting sensors in Bypass mode via Carbon Black’s Cloud Console for businesses that can’t wait for a repair. This allows users to boot the devices and roll back the flawed ruleset.
The fix doesn’t work for everyone. Almost 24 hours later, a user said, “still affected – approximately a dozen endpoints haven’t recovered, hands feel tied” “Reboot into safe mode with networking and wait %time%. Reboot to check. Some aren’t. Retry.”