For the last couple of weeks we have been experiencing difficulties running certain PowerShell scripts that validate the installed certificates on our endpoints. Our technicians identified that the issue is related to the Windows Remote Management service (winrm) being stopped on our machines. Do we know if the Carbon Black agent made this change on our endpoints?
VMware Carbon Black EDR sensor versions prior to 7.2
Carbon Black has an updated EDR sensor version for Windows, version 7.2.0. The corrective content in the release notes (linked below) includes an entry that may resolve the issue: "Fixed a bug with AMSI extension that could lead to script failures for Powershell. [CB-33118]". Testing this version with users who are experiencing the issue is recommended.