VMware confirms Carbon Black is indeed causing Windows BSODs and boot-loops

If your organization's computers running Windows are getting blue screens of death (BSOD) or running into boot-loops, it is possible that your company is using VMware's Carbon Black Endpoint Detection and Response (EDR) Solutions. VMware too has confirmed the issue.

In a security advisory published earlier today, the firm says that it is aware of the bug and explains that a recent update to Carbon Black's threat research rulesets is the culprit. The issue has been resolved by rolling the update back, and the company has also provided a temporary workaround.

The full advisory, including the workarounds, is given below:

Endpoint Standard: Sudden Blue Screens on Windows Devices (23rd August 2022)

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 3.6.x.x - 3.7.x.x
  • Microsoft Windows: All Support Versions

Symptoms

  • Device goes to Blue Screen on boot
  • Stop code may show "PFN_LIST_CORRUPT"

Cause

  • Updated Threat Research rulesets were rolled out to Prod01, Prod02, ProdEU, ProdSYD, and ProdNRT after internal testing showed no signs of issues

Resolution

  • VMware Carbon Black has rolled back the rulesets, and as machines check in they will get the updated ruleset and auto-resolve.

Temporary Workaround

  • Place impacted Sensors into Bypass mode via Carbon Black Cloud Console to allow them to boot successfully and have ruleset removed
  • A small subset of impacted devices may require an additional workaround requiring a reboot into Safe Mode, if so, please open a Support case as called out below

VMware has also provided additional details and resources in its knowledge base (KB) article. Impacted users are urged to follow it in case there are further updates on the issue.

Via: @TGesches (Twitter)
