
App Control: Health Check parity.exe (Userinit.exe) is signed but could not check revocation


Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Symptoms

Agent Health Check returns Events similar to:
Carbon Black App Control Agent detected a problem: C:\Windows\system32\userinit.exe is signed but did not pass certificate validation: Error[800B010E]. Options[00000003] TotalFailures[2] FailureId[80]
Carbon Black App Control Agent detected a problem: c:\program files (x86)\bit9\parity agent\parity.exe is signed but could not check revocation: Error[800B010E]. Options[00000003] TotalFailures[1] FailureId[20]

Cause

These Low Severity Health Check Events occur in environments with limited or no connectivity, where the endpoint cannot establish a connection with the issuing Certificate Authority to complete the Certificate Revocation List (CRL) checks.

 


Resolution


Additional Notes

  • The system is not connected to the Internet and has not received the most recent set of certificate revocation lists (CRL). In an online environment, Windows is able to reach out to the Internet and verify the CRLs. In the offline environment, Windows relies on the local cache of CRLs.
  • On a system with an Internet connection, the Crypto API may be unable to reach out online to check the CRL because of a firewall, a proxy restriction, or a temporary loss of Internet access while the check is being made.
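
To confirm on an affected endpoint that these events come from unreachable revocation endpoints rather than a revoked or untrusted certificate, the following added PowerShell example (not vendor code) builds each signer's certificate chain with online revocation checking and classifies the outcome. The function name Test-RevocationReachability and the result strings are hypothetical; the file paths are the ones in the sample events above.

```powershell
# Added diagnostic example (not vendor code). The paths are the two files named
# in the sample events; the function name and result strings are hypothetical.
$files = 'C:\Windows\System32\userinit.exe',
         'C:\Program Files (x86)\Bit9\Parity Agent\parity.exe'

# Flags meaning "revocation status could not be determined", as opposed to
# "certificate is revoked" or "chain is not trusted".
$offline = [int][System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]'RevocationStatusUnknown, OfflineRevocation'

function Test-RevocationReachability {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        return [pscustomobject]@{ File = $Path; Flags = $null; Result = 'No signer certificate found' }
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'        # allow network retrieval of revocation data
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    # A timestamped Authenticode signature is judged at signing time, so signer
    # certificate expiry is not the question here.
    $chain.ChainPolicy.VerificationFlags = 'IgnoreNotTimeValid'
    [void]$chain.Build($sig.SignerCertificate)

    # Fold every chain-level status into one bitmask.
    $flags = 0
    foreach ($s in $chain.ChainStatus) { $flags = $flags -bor [int]$s.Status }

    $result = if ($flags -eq 0) {
        'Revocation checked; no chain errors'
    } elseif (($flags -band $offline) -and -not ($flags -band (-bnot $offline))) {
        'Revocation endpoints unreachable (consistent with Error[800B010E])'
    } else {
        'Other chain problem; review Flags'
    }

    [pscustomobject]@{
        File   = $Path
        Flags  = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]$flags
        Result = $result
    }
}

$files | ForEach-Object { Test-RevocationReachability -Path $_ } | Format-List
```

Running it on the affected endpoint and again on a machine with unrestricted Internet access shows whether connectivity alone accounts for the difference.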

Article Information
Creation Date: 04-12-2022