Environment
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Symptoms
Agent Health Check returns Events similar to:
Carbon Black App Control Agent detected a problem: C:\Windows\system32\userinit.exe is signed but did not pass certificate validation: Error[800B010E]. Options[00000003] TotalFailures[2] FailureId[80]
Carbon Black App Control Agent detected a problem: c:\program files (x86)\bit9\parity agent\parity.exe is signed but could not check revocation: Error[800B010E]. Options[00000003] TotalFailures[1] FailureId[20]
Cause
These Low Severity Health Check Events are caused in limited or no connectivity environments due to the endpoint being unable to establish a connection with the issuing Certificate Authority to complete the Certificate Revocation List checks.
Resolution
Additional Notes
- The system is not connected to the Internet and has not received the most recent set of certificate revocation lists (CRL). In an online environment, Windows is able to reach out to the Internet and verify the CRLs. In the offline environment, Windows relies on the local cache of CRLs.
- On a system with Internet connection, the Crypto API may be unable to reach out online to check for CRL due to either firewall, proxy restriction or a temporary loss of internet access while the check is being made.
Related Content