Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control Windows Agent Digicert Timestamp

App Control Windows Agent Digicert Timestamp

Attached below is a Digicert for the Windows App Control Agent. 

SHA-256: 7465dc0556aacb8120b74391db96d3ef7f9ba504fcfd25de37f4605ed02de77d

Labels (2)
Attachments
0 Kudos
Comments

Is this something that should be applied to our servers?  

jjj

What's this for?  Any context?

https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/8.7.4/rn/vmware-carbon-black-app-control-... :

Upgrade Issue with Windows XP and Server 2003

Windows XP and Server 2003 lack the necessary certificates (both root and intermediate) to validate the timestamps in the signature we use. In order to upgrade these operating systems to 8.7.4 of the App Control agent customers will need to choose to do one of the following:

Option 1: Import the Missing Certificates Into the Computer Certificate Store

You can download the necessary certificates from https://community.carbonblack.com/t5/Documentation-Downloads/App-Control-Windows-Agent-Digicert-Time....

Install the certificates on your machines either directly using MMC with the Certificates snap-in or use GPO. The root certificate should be imported to the Trusted Root Certification Authorities store. The intermediate certificate should go to the Intermediate Certification Authorities store. These should be imported at the machine level as opposed to the user level.

Option 2: Explicitly Trust the Timestamping Publisher

Another option is to trust the timestamping certificate. This can be a bit challenging because it requires querying the database for the correct id. Full instructions can be found on this document: https://community.carbonblack.com/t5/App-Control-Discussions/Ineligible-for-Approval-CERT-TRUST-IS-P...

Option 3: Use the ignore_partial_chain_on_countersignatures config prop

Agents can be configured to ignore the missing countersignatures. This allows approval by publisher for files that have valid code signing chains, while ignoring errors on the counter signing chain.

Details on how to configure this can be found here:

https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-can-I-ignore-partial-cert-chain-...

Please note that if the root certificate is not trusted (using Option 1 or 2), this method will still result in the following error: CERT_TRUST_IS_UNTRUSTED_ROOT.

Article Information
Author:
Creation Date:
‎05-04-2022
Views:
1607
Contributors