Environment

• App Control Console: Version 8.10.2 and Higher

Objective

Resolution

1. Verify the CPE Applications feature has been fully configured and enabled. 
2. In Reports > Events add a Filter for Type > Is: CPE Management and review the Errors.
3. Verify the network requirements to the remote NIST API:
   • If SSL/Packet Inspection is enabled, add an exception for the communication to/from services.nvd.nist.gov to prevent rejection of modified packets.
   • Use PowerShell from the application server to test communication to the NVD website on Port 443:

     TNC -ComputerName services.nvd.nist.gov -Port 443

4. Verify the CPE and CVE settings:
   • Reset the CPE and CVE URLs to the default locations, and attempt a manual sync.
   • If an NVD API Key was specified, try removing the API Key, and attempt a manual sync.
5. Restart the App Control Reporter service.
6. Use Postman from the application server to pull sample data from the NIST API (Example with the App Control API).
7. Reset the CPE Data and download a fresh copy of the NIST CPE Library.

1. Start a Wireshark Capture on the application server hosting the Console.
2. Start the Server High Debug Logging.
3. Recreate the issue & provide the resulting logs to Support.

Additional Notes

• This feature is not supported if the App Control Server is installed on Windows Server 2012.
• This feature relies upon communication between the application server and (by default) the NVD services owned by NIST.
• By default the delay between API requests for the CPE Sync is 6 seconds (Shepherd Config: CPEDelayBetweenRequests).
• If an error is encountered on the remote CPE site, this delay is increased to 60 seconds (Shepherd Config: CPEDelayBetweenFailedRequests).

Related Content