Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How can I ignore partial cert chain errors?

App Control: How can I ignore partial cert chain errors?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Objective

Instruct the Agent to ignore Partial Certificate Chain errors on the Counter Signature Chain, and rely solely on the Certificate Chain used by the Publisher for the Code Signing Chain. 

Resolution

  1. Login to the Console and navigate to: https://YourServerAddress/agent_config.php
  2. Choose: Show Filters > Add Filter > Value > contains: ignore_partial_chain_on_countersignatures
  3. Click the pencil icon on the resulting Agent Config and change the Value to: ignore_partial_chain_on_countersignatures=1
  4. Click Save.
Allow the Agents some time to receive and apply the updated CL Version. Agents that have received this change should show as Up to Date in Assets > Computers.

Additional Notes

  • This Agent Config was made available with the release of Server & Agent version 8.1.4.
  • In order to maintain the highest security posture, Carbon Black strongly recommends pushing out the missing certificates in the chain, as described here:
  • Although this setting is not recommend, it's been created to help facilitate Publisher Approvals where the Counter Certificate Chain is incomplete and can not easily be fixed.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Author:
Creation Date:
‎09-02-2020
Views:
2890
Contributors