Automate cleanup of CB Defense sensor after a failed uninstall using SCCM

CarbonBlack recently released version 3.1 of the 'sensor' for their CB Defense product. This sensor is the client-side agent installed on each PC. The CB Defense sensor does not self-update, but installing the new version should be as simple as a few clicks in the CB Defense web console, or downloading the install package and deploying it using your favorite method. Unfortunately, it's not always so simple.

In many cases, when the installer attempts to remove the old version of the sensor during the upgrade process, the uninstall does not completely remove the old sensor, and installation of the new sensor fails.  This leaves the computer with no working version of the CB Defense sensor installed.  The old version of the sensor no longer shows up under "Programs and Features", and all attempts to install the new version fail. 

The CarbonBlack User Exchange site (login required) has a few articles describing this issue and potential workarounds. One article, "CB Defense: Uninstall the Windows Sensor", even includes a link to download the handy Sensor Removal Tool, perfect for just this situation. The sensor removal tool is designed to remove any bits and pieces of the sensor left behind after a failed uninstall. Simply extract the appropriate exe from the zip file and run it with the /cleanup parameter, and it will take care of the rest! Of course, that only fixes the computer you run it on. What if you deployed the new sensor version out to many or all of your clients, and now need to perform this cleanup on hundreds of computers?

This is where System Center Configuration Manager (SCCM) steps in to save the day. Download the Sensor Removal Tool zip file and extract the contents. Select Sensor21RemovalToolx64.exe (or Sensor21RemovalToolx86.exe if you're still running a 32-bit OS), and copy it to a network share where you store your source files for SCCM apps and packages.

In the Software Library workspace of the SCCM console, select Packages in the left pane, and then click the "Create Package" button on the toolbar. 

In the Create Package and Program wizard, enter a name and description for your package. Check the box next to "This package contains source files", and use the Browse button to enter the UNC path to the network share where you saved the sensor removal tool exe file.

On the Program Type screen, accept the default of "Standard Package" and click Next. Next you'll fill in details about the Standard program. Enter a name which makes sense to you. In the "Command Line" field, enter:
      Sensor21RemovalToolx64.exe /Cleanup

Click Next through the remaining screens to accept the defaults and create the package.  Once the package is created, you're ready to distribute the content and deploy the package to a collection of computers.  Give the deployment time to run, removing the sensor from all computers in the collection, then re-deploy the CB Defense 3.1 sensor install to the collection.  All computers in the collection should now be able to install the new sensor successfully. 
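
The same package, program, content distribution and deployment can be scripted with the ConfigurationManager PowerShell module. This is an added example, not part of the original post or anything from CarbonBlack; the site code, share path, collection name and distribution point group are placeholders, and the program run options are explicit choices rather than the wizard defaults the post accepts.

```powershell
# Added example. Every value marked "placeholder" must be replaced for your site.
$SiteCode   = 'XYZ'                                  # placeholder: your SCCM site code
$SourcePath = '\\fileserver\sccm-source\CBCleanup'   # placeholder: UNC share holding the tool
$ToolExe    = 'Sensor21RemovalToolx64.exe'           # file name as given in the post
$PkgName    = 'CB Defense Sensor Cleanup'            # placeholder package name
$ProgName   = 'Run sensor cleanup'                   # placeholder program name
$Collection = 'CB Defense - Failed Sensor Upgrade'   # placeholder device collection
$DPGroup    = 'All Distribution Points'              # placeholder DP group

# Check the source file before switching to the site drive, where UNC
# paths are no longer resolved by the FileSystem provider.
if (-not (Test-Path -LiteralPath (Join-Path $SourcePath $ToolExe))) {
    throw "Removal tool not found: $SourcePath\$ToolExe"
}

# Load the module that ships with the SCCM admin console and connect to the site.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) 'ConfigurationManager.psd1')
Set-Location "$($SiteCode):"

# Package with source files (the "This package contains source files" checkbox).
New-CMPackage -Name $PkgName -Path $SourcePath `
    -Description 'Removes leftover CB Defense sensor files after a failed uninstall' | Out-Null

# Standard program with the command line from the post. Running hidden, with
# administrative rights and without a logged-on user is an assumption of this
# example, chosen so the cleanup also runs on unattended machines.
New-CMProgram -PackageName $PkgName -StandardProgramName $ProgName `
    -CommandLine "$ToolExe /Cleanup" -RunType Hidden `
    -ProgramRunType WhetherOrNotUserIsLoggedOn `
    -RunMode RunWithAdministrativeRights | Out-Null

# Distribute the content, then deploy the program to the affected collection.
Start-CMContentDistribution -PackageName $PkgName -DistributionPointGroupName $DPGroup

New-CMPackageDeployment -StandardProgram -PackageName $PkgName -ProgramName $ProgName `
    -CollectionName $Collection -DeployPurpose Required -ScheduleEvent AsSoonAsPossible
```

Scope the collection to the machines where the upgrade failed, since every computer in it goes without a sensor until the 3.1 install is re-deployed.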

