Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Sensor Registers in WSC as "Carbon Black Cloud Firewall" From Org Without HBFW Enabled

Carbon Black Cloud: Sensor Registers in WSC as "Carbon Black Cloud Firewall" From Org Without HBFW Enabled

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 3.9.0.2357 - 3.9.2.2698
  • Microsoft Windows: All Supported Versions

Symptoms

  • Host-based Firewall feature is disabled for Org.
  • Carbon Black Cloud Firewall is registered in Windows Security Center.
  • Recurring WSC notifications if Windows Firewall is disabled, similar to:
    Windows Firewall and Carbon Black Cloud Firewall are both turned off.  Tap or click to see available options.

Cause

  • Code changes in the 3.9 Sensor introduced Host-based Firewall as an add-on feature for Carbon Black Cloud.
  • Some of these code changes cause the Sensor to register with WSC as the system's firewall, regardless of whether the feature is enabled.

Resolution

Upgrade to Sensor 4.0.0.1292, which contains a fix for this bug. From the Release Notes:
DSEN-24701: Fixed an issue where CB Firewall registered itself as a firewall provider in Windows Security Center without Host-Based Firewall being enabled in the org policy.

Additional Notes

Windows Security Center notifications can be disabled in Group Policy by setting the following policy to Enabled. 
Computer Configuration > Administrative Templates > Windows Components > Windows Security > Notifications > Hide all notifications
Note: This will disable all Windows Security Center notifications.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-22-2023
Views:
571
Contributors