Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud Sensor: All Supported Versions
Microsoft Windows: All supported versions

Question

Does disabling the Certificate Revocation List (CRL) check at the time of Sensor install result in the Sensor becoming open to man-in-the-middle attacks?

Answer

Disabling the CRL check does not immediately open the Sensor to man in the middle attacks

Disabling of the CRL check could be leveraged for a man in the middle attack if a Sensor/Backend communication certificate is revoked
Additional information can be found about What are some concerns with disabling the CRL check within the Sensor?

Additional Notes

CRL checks often fail when proxies are involved because the CRL check process is offloaded to WinHTTP

Related Content

Carbon Black Cloud: Sensor not connecting via proxy/firewall
Carbon Black Cloud: How To Configure Sensor Not To Require CRL Checks On Install
CB Defense: Why Are Godaddy's OCSP And CRL Domains Required When Installing A 3.3 + Sensor?
Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?
Carbon Black Cloud: How to Adjust CRL checking for Best Effort

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

2780

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.