Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

Carbon Black Cloud Sensor: All Supported Versions
Microsoft Windows: All supported versions

Question

Does disabling the Certificate Revocation List (CRL) check at the time of Sensor install result in the Sensor becoming open to man-in-the-middle attacks?

Answer

Disabling the CRL check does not immediately open the Sensor to man in the middle attacks

Disabling of the CRL check could be leveraged for a man in the middle attack if a Sensor/Backend communication certificate is revoked
No certificate revocations have occurred for Sensor/Backend communication certificates

Additional Notes

CRL checks often fail when proxies are involved because the CRL check process is offloaded to WinHTTP
If you would like to see the ability for the CRL checks to be performed according to proxy parameters provided at the time of install, please upvote: Allow CRL check on 3.3 and later Sensors to use proxy info passed at install

Related Content

Carbon Black Cloud: Sensor not connecting via proxy/firewall
Carbon Black Cloud: How To Configure Sensor Not To Require CRL Checks
CB Defense: Why Are Godaddy's OCSP And CRL Domains Required When Installing A 3.3 + Sensor?
Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

2209