Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Firewall does not accept / or wild cards when allowing sensor to reach out to VDF update server URL

Carbon Black Cloud: Firewall does not accept / or wild cards when allowing sensor to reach out to VDF update server URL

Environment

  • Carbon Black Cloud: All Supported versions
  • Endpoint Standard sensor: All supported versions

Symptoms

  • Using URL based firewall approval rules for outside communication
  • Sensor virus definition files (VDF) will not download signature packs or update to local scanner blocked by firewall

Cause

Firewall dos not accept / or wild cards when creating firewall rules to allow the the sensor to communicate with the VDF update server URL

Resolution

In the firewall allow rule use the entire domain only 'updates2.cdc.carbonblack.io' and test

Additional Notes

  • Leave the entire URL including directory /update2 'http://updates2.cdc.carbonblack.io/update2' in the policy's local scan settings as the update server URL
  • This is not proven on all firewalls and may not work in every situation

Related Content


Labels (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎07-30-2021
Views:
411
Contributors