We purchased Carbon Black Defense in May 2017 to add a layer of protection to our Datacenter.  Below are the issues we had and the responses.  We agreed to not share this embarrassing experience as long as the training fee was refunded since they never completed the training.  It is now almost March 2018, and no longer do we receive emails promising a refund.


Here are the events that happened since installing:

  • A hacker from Russia was able to easily uninstall the Carbon Black Defense software after 1 month being installed.  Was told by CB that the software did not have any controls to avoid uninstalling and that will be in the upcoming releases approx 2-3 months.  

Carbon Black Can Be Uninstalled by Hackers


  • Servers crash from the ctifile.sys

Carbon Black Defense ctifile.sys causes Blue Screen


  • 99% of the Alerts are false alarms or so vague you need to login to their interface to review.


  • No show on the day of training




From: US
Sent: Monday, November 13, 2017 10:01 AM
To: @carbonblack.com>
Cc:@carbonblack.com>; @carbonblack.com>
Subject: RE: [GSP]90 Day Quick Start Project Extension
Importance: High

Good Morning,

We have been engaged with Carbon Black since May and the relationship has been taxing on our support team.  Between servers rebooting, defense agents are still able to be uninstalled, training, noisy false alerts on regular apps, and the email alerts require a tech to log in to review.  Our team here feels as if we are beta testing software for CB.  My intention when engaging with your company was to offer a cyber defense tool that could replace traditional endpoint software.  From our view, CB development team are not able to keep up with the number of bugs in a timely manner.

I am not pleased with this solution as the amount of loss tech time to keep up with all the noise and bugs, has been outweighed by 3x utilization.  CB Defense has potential but not ready for production.

This week I will be reviewing other options.



Type of responses we received when reporting issues ( Names have been removed )

From: US
Sent: Monday, January 22, 2018 9:24 AM
To: @carbonblack.com>
Subject: FW: Ticket#OS Issue. OS – Blue screen observed with manual restart at Site –


I feel at this point the company has no intention of returning the funds for training that was never delivered.  The amount of disruption to our company was not even equated into what we were asking.  I will be escalating this issue at this point and review other options.


From: @carbonblack.com]
Sent: Monday, December 18, 2017 9:16 AM
To: US
Subject: Carbon Black follow-up

Good Morning

I hope you had a great weekend. I wanted to follow up with you from last week to let you know I’ve been working on going through the right channels to get you a refund on the Professional Services piece of your purchase from earlier this year. I’m currently awaiting feedback from our PS and Finance teams. This is just the process we need to go through, and I don’t foresee any issues with getting your money back for PS.

I realized I never followed up with you directly after our call last week, so I don’t want you to think I’m leaving you in the dark.

Please let me know if you have any questions.

Thank you,

From: @carbonblack.com
Sent: Thursday, November 2, 2017 3:44 PM
Cc: @carbonblack.com>; @carbonblack.com>;
Subject: RE: [GSP]90 Day Quick Start Project Extension

Good afternoon,

Thanks for bringing this to our attention.  We’ve had a few customers lately that have a similar issue like yours.  You can check out what some of them have seen and done to provide a short term solve (roll back the sensor to 2.x in one case).



Our PM team is on this and is working hard to resolve this as soon as possible and we are currently tracking it in our Engineering teams.  In order to ensure our PM and Engineering team are getting accurate feedback on severity and scope of the issue, the best thing you can do is open a support case that addresses the issue you are having so it gets the proper visibility and attention from them.

Please let me know if you have any questions on how to open a ticket or any other concerns we might be able to address.


From: @carbonblack.com]
Sent: Friday, October 20, 2017 12:01 PM
Cc: @carbonblack.com>
Subject: RE: Policy Action Notification


These *may* or *may not* be false positives in your environment; check this thread: https://community.carbonblack.com/message/20098

We’ve cleaned up some false positives with the newest sensor release – – but there still may be some lingering. I can confirm that the ‘raw disk’ false positives have been identified and is with Engineering for a fix.

What I suggest is that you can try upgrading to the sensor to cut down on some of the false positives.

Let me know if that helps?



Leave a Reply