Carbon Black Cloud: How to determine if content.carbonblack.io is blocked?
Carbon Black Cloud Console: All Versions
Carbon Black Cloud Windows Sensor: 3.6.x.x and Higher
Microsoft Windows: All Supported Versions
How to determine if content.carbonblack.io is blocked?
If content.carbonblack.io is blocked, the following symptoms will be observed:
Enterprise EDR (was CB ThreatHunter) - Observe that sensor has not uploaded any data since upgrading to 3.6
Device Control - Inability to block devices
Checking RepCLI status output will display the following alarm:
C:\>"C:\Program Files\Confer\RepCLI.exe" status | findstr "ManifestDownloadFailure"
ManifestDownloadFailure: x times LastTrigger[mm/dd/yyyy hh:mm:ss]
In sensor version 3.6.x.x and above, Enterprise EDR, AMSI Prevention, and Unified Binary Store must be able to access content.carbonblack.io in order to function correctly
If a software or hardware firewall exists between the device and the internet, please ensure that outbound connections are allowed to content.carbonblack.io and inbound connections are allowed from content.carbonblack.io
Device Control is available with Sensor 3.6.x.x and higher and Carbon Black Cloud Console November '20 Release (0.60) and higher