Carbon Black Cloud Sensor: How to Use Live Query to Verify Required Certificates Are Installed

Environment

  • Carbon Black Cloud Sensor: All versions that support Live Query
  • Microsoft Windows: All versions

Objective

Use the Carbon Black Live Query feature to check whether all of the GoDaddy root certificates required by the Carbon Black Sensor are installed. This is mainly used to help troubleshoot manifest download failures or failed signature updates.

Resolution

Create a new Live Query and run it against all target sensors that are currently checking in. This generates a report showing all systems that have both required GoDaddy certificates installed in the certificate store location.
  1. In the Carbon Black console, navigate to Live Query > New Query
  2. Select the "SQL Query" tab at the top of the page
  3. Name the query and copy and paste the following into the SQL section of the new query
    SELECT common_name, subject, issuer, path FROM certificates WHERE (common_name = 'Go Daddy Root Certificate Authority - G2' OR common_name = 'Go Daddy Class 2 Certification Authority') AND path = 'LocalMachine\Trusted Root Certification Authorities';
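
The query above returns a row only for each certificate that is present, so an endpoint missing one of the two still appears in the results with a single row. The following variant is an added example, not part of the original article or vendor guidance: it returns exactly two rows per sensor, one per required certificate, each marked present or missing. It assumes Live Query accepts standard osquery (SQLite) syntax and uses only the table, columns and store path from the query above; the `r` and `c` aliases and the `status` and `copies_found` column names are chosen here for illustration.

```sql
-- Added example: one row per required GoDaddy root certificate,
-- flagged 'present' or 'missing' for the sensor that runs it.
SELECT
  r.common_name,
  CASE
    WHEN COUNT(c.common_name) > 0 THEN 'present'
    ELSE 'missing'
  END AS status,
  -- Number of matching entries found in the Trusted Root store.
  COUNT(c.common_name) AS copies_found
FROM (
  -- The two certificate names the article lists as required.
  SELECT 'Go Daddy Root Certificate Authority - G2' AS common_name
  UNION ALL
  SELECT 'Go Daddy Class 2 Certification Authority'
) AS r
-- LEFT JOIN keeps a required name in the output even when the
-- certificates table has no matching row in the expected store.
LEFT JOIN certificates AS c
  ON c.common_name = r.common_name
 AND c.path = 'LocalMachine\Trusted Root Certification Authorities'
GROUP BY r.common_name;
```

Filtering or sorting the results on `status` then surfaces the sensors that need a root certificate installed.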

Additional Notes

Both GoDaddy certificates are required for full sensor functionality, which includes manifest downloads and malware signature updates. If a sensor is checking into the console but is failing to download manifests or signature updates, one cause could be that one of the two GoDaddy root certificates is not installed on the system.

If the sensors are missing a GoDaddy root certificate, follow the resolution procedure in this knowledgebase article:
 

Creation Date: 12-22-2021