Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to remediate ManifestDownloadFailure alarms (macOS)

Carbon Black Cloud: How to remediate ManifestDownloadFailure alarms (macOS)

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.5.3.x and Higher
  • Apple macOS: All Supported Versions

Objective

Provide steps for correcting issues for macOS Sensors with downloading of content manifest data from content.carbonblack.io after receiving an In-Product Notification

Resolution

  1. Check access to content.carbonblack.io from endpoint
  2. Verify that any configured proxy or firewall allows outbound (endpoint to cloud) communication
    URLPortDirectionSSL Inspection
    content.carbonblack.ioTCP/443OutboundDisabled
  3. Check status of Manifest downloads and ContentDownloadFailure alarms
  4. If ManifestDownloadFailure alarms continue in SensorAlarms.log, please open a case with Carbon Black Technical Support and provide
    Hostname
    Verification of access from step 1
    Configuration information of firewall/proxy exclusion from step 2 (along with date/time implemented)
    Firewall/proxy logs with any errors in communicating with content.carbonblack.io
    Output of step 3 above

Additional Notes

There is no need to perform these steps unless directed to do so by an In-Product Notification in the Carbon Black Cloud Console or by a member of VMware Carbon Black Technical Support.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎04-19-2022
Views:
208
Contributors