App Control: Blocks Due To CertValidationError[0x00000005]

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Symptoms

  • Publisher is set to Approved in the Console.
  • Block Events are generated similar to:
    File 'C:\Program Files (x86)\ACME Accounting\critical.dll' [A2951...09E08] was blocked because it was unapproved. 
    Publisher[ACME Digital Inc. (IneligibleForApproval: ChainIdx[1] CertId[756] CertValidationError[0x00000005])]

Cause

The Agent relies on the Windows Cryptographic API to validate all certificate and publisher information. The value in CertValidationError[0x00000005] is the bitwise combination (OR) of the CERT_TRUST_STATUS error flags Windows returned for the certificate:
  • CERT_TRUST_IS_NOT_TIME_VALID 0x00000001
  • CERT_TRUST_IS_REVOKED 0x00000004

Resolution

A different Approval Method (Custom Rule, Global Approval, etc.) must be used in these circumstances, because the Agent will not allow Publisher Approvals for a certificate that has been revoked.
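
Decoding the value from a block event, as an added example (not Carbon Black code): it parses the Publisher detail in the format shown under Symptoms and splits CertValidationError into CERT_TRUST_STATUS flag names. It goes beyond the 0x00000005 case on the assumption that other values use the same wincrypt.h bitmask; the function names and the flag subset are this example's own.

```python
import re

# CERT_TRUST_STATUS.dwErrorStatus flags from wincrypt.h (low byte only).
CERT_TRUST_ERRORS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000002: "CERT_TRUST_IS_NOT_TIME_NESTED",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000010: "CERT_TRUST_IS_NOT_VALID_FOR_USAGE",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x00000080: "CERT_TRUST_IS_CYCLIC",
}

# Publisher detail of a block event, in the layout shown under Symptoms.
EVENT_RE = re.compile(
    r"Publisher\[(?P<publisher>.+?) \(IneligibleForApproval: "
    r"ChainIdx\[(?P<chain_idx>\d+)\] CertId\[(?P<cert_id>\d+)\] "
    r"CertValidationError\[0x(?P<code>[0-9A-Fa-f]+)\]\)\]"
)

# Event text copied from the Symptoms section of this article.
SAMPLE_EVENT = (
    r"File 'C:\Program Files (x86)\ACME Accounting\critical.dll' "
    "[A2951...09E08] was blocked because it was unapproved.\n"
    "Publisher[ACME Digital Inc. (IneligibleForApproval: ChainIdx[1] "
    "CertId[756] CertValidationError[0x00000005])]"
)

def decode_trust_errors(code):
    """Split a dwErrorStatus bitmask into flag names, lowest bit first."""
    names, bit = [], 1
    while bit <= code:
        if code & bit:  # bits outside the table are reported, not dropped
            names.append(CERT_TRUST_ERRORS.get(bit, f"UNKNOWN_0x{bit:08X}"))
        bit <<= 1
    return names

def parse_block_event(text):
    """Return the publisher fields and decoded flags, or None if absent."""
    m = EVENT_RE.search(text)
    if m is None:
        return None
    flags = decode_trust_errors(int(m.group("code"), 16))
    return {"publisher": m.group("publisher"), "flags": flags,
            "chain_idx": int(m.group("chain_idx")),
            "cert_id": int(m.group("cert_id")),
            # Revoked certificates cannot receive a Publisher Approval.
            "revoked": "CERT_TRUST_IS_REVOKED" in flags}
```

When `revoked` is true, the Resolution above applies and a different Approval Method is required.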

Creation Date: 01-19-2024