Carbonblack sensor and Server Security causing BSOD during reboot

This discussion has a more recent version.

Issue:

Carbonblack sensor and Server Security causing BSOD during reboot

Resolution:

When both products, Server Security and CarbonBlack sensor, are installed on the same server, BSOD occurs on every reboot.

The problem is related to Windows Firewall. Existence of our drivers/services increases the chance of an MS bug to appear. Possibly our services issue some specific network requests, which cause memory corruption in the Windows firewall engine (memory corruption goes very deep into MS code of the firewall).

This is an essential bug in the MS engine (possibly even a security vulnerability if such memory corruption could be made on request). This has been already reported to Microsoft. 

The workaround/solution is to stop MS firewall before reboot or try to relax/change firewall rules on the server.

More information about Carbon Black:
https://www.carbonblack.com/

Article no: 000016167

Sign In or Register to comment.