logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Sensor Registers in WSC as "Carbon Black Cloud Firewall" From Org Without HBFW Enabled

Carbon Black Cloud: Sensor Registers in WSC as "Carbon Black Cloud Firewall" From Org Without HBFW Enabled

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 3.9.0.2357 and Higher
  • Microsoft Windows: All Supported Versions

Symptoms

  • Host-based Firewall feature is disabled for Org.
  • Carbon Black Cloud Firewall is registered in Windows Security Center.
  • Recurring WSC notifications if Windows Firewall is disabled, similar to: 
    Windows Firewall and Carbon Black Cloud Firewall are both turned off.  Tap or click to see available options.

Cause

  • Code changes in the 3.9 Sensor introduced Host-based Firewall as an add-on feature for Carbon Black Cloud.
  • Some of these code changes cause the Sensor to register with WSC as the system's firewall, regardless of whether the feature is enabled.

Resolution

There are no workarounds at this time, though the issue is currently under investigation by engineering.

Additional Notes

Windows Security Center notifications can be disabled in Group Policy by setting the following policy to Enabled.  
Computer Configuration > Administrative Templates > Windows Components > Windows Security > Notifications > Hide all notifications
Note: This will disable all Windows Security Center notifications.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎05-22-2023
Views:
419
Contributors
logo