Before you can start VMs in ransomware recovery, you must uninstall any existing Carbon Black Cloud sensors from the VM endpoints.

When you start VMs in ransomware recovery, VMware Live Cyber Recovery installs a Carbon Black Cloud sensor on them to enable scanning and VM behavior analysis.

If VMs in your recovery plan already have Carbon Black Cloud sensors installed, uninstall the existing sensors to avoid generating security events for the production organization. Once the existing sensors are removed, when you start a recovery plan, VMware Live Cyber Recovery installs new sensors that are associated with a recovery organization.

For Windows instructions, see How to Uninstall Windows Sensors via Command Prompt.

For Linux instructions, see Uninstall a Linux sensor from an Endpoint.

If your Carbon Black Cloud administrator requires code to uninstall a sensor, see here: Require Codes to Uninstall Sensors at an Endpoint for information about finding that code.

Pausing a Plan to Uninstall Pre-existing Sensors

To keep Carbon Black Cloud sensors running on VMs until the moment you start a ransomware recovery plan, on the Ransomware Recovery page of the plan select the option named 'Pause when starting VMs to manually remove production security sensors':