Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to determine if content.carbonblack.io is blocked?

Carbon Black Cloud: How to determine if content.carbonblack.io is blocked?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Question

How to determine if content.carbonblack.io is blocked?

Answer

If content.carbonblack.io is blocked, the following symptoms will be observed:
  • Enterprise EDR (was CB ThreatHunter) - Observe that sensor has not uploaded any data since upgrading to 3.6
  • Device Control - Inability to block devices
  • Checking RepCLI status output will display the following alarm: 
    C:\>"C:\Program Files\Confer\RepCLI.exe" status | findstr "ManifestDownloadFailure"
    
    ManifestDownloadFailure: x times LastTrigger[mm/dd/yyyy hh:mm:ss]

Additional Notes

  • In sensor version 3.6.x.x and above, Enterprise EDR, AMSI Prevention, and Unified Binary Store must be able to access content.carbonblack.io in order to function correctly
  • If a software or hardware firewall exists between the device and the internet, please ensure that outbound connections are allowed to content.carbonblack.io and inbound connections are allowed from content.carbonblack.io
  • Device Control is available with Sensor 3.6.x.x and higher and Carbon Black Cloud Console November '20 Release (0.60) and higher

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-08-2020
Views:
2213
Contributors