Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

App Control Server: 8.7.X and Higher
App Control Agent: 8.7.X and Higher

Symptoms

High CPU on App Control Server Services
High CPU on PHP-cgi.exe process
Approval out of date in most of the computers

IIS logs reporting thousands of events similar to:

2022-01-01 00:00:00 00.00.00.00 GET /hostpkg/pkg.php pkg=TrustedCertList.pem 443 - 00.00.00.00 Bit9+Parity - 000 0 0 00

Cause

TrustedCertList.pem file is corrupted

Resolution

Verify the Resource Download Location (RDL) specified is correct.
Log in to the application server as the Carbon Black Service Account.
If an Agent is installed, temporarily disable Tamper Protection.
Stop the App Control Server service.

Delete the file:

C:\Program Files (x86)\Bit9\Parity Server\hostpkg\TrustedCertList.pem

Start the App Control Server service, and verify the file is rebuilt.
If an alternate Resource Download Location is being used, verify the new file is synced to the alternate RDL correctly.

Related Content

App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid
App Control: How to Collect Server Logs for API or Web Page Errors (Web Console)

Article Information

Author:

Creation Date:

‎09-20-2022

Views:

1097

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.