Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: Sensor doesn't Whitelist files by Cert if Japanese characters are in Common Name

Cb Defense: Sensor doesn't Whitelist files by Cert if Japanese characters are in Common Name

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: All 2.x + versions
  • Microsoft Windows: All Supported Versions
  • Certificate with Japanese characters in its Common Name (Subject) added to Cert Whitelist

Symptoms

  • Run Application signed by the Cert with Japanese characters in its Common Name (Subject)
  • Observe that Sensor does not apply LOCAL_WHITE reputation to files signed by the Cert

Cause

There is a backend issue that is being investigated.

Resolution

  • To workaround this issue, only utilize Cert Whitelisting for files that are not signed by certificates with Japanese characters in the Common Name.
  • Alternatively, you can also whitelist files by Hash or create an Allow and Log permissions rule for the file(s). See Cb Defense: Methods to Whitelist Applications

Additional Notes

  • This article will be updated when a solution for this issue has been identified
  • Internal Reference: DSEN-3061

Related Content

Cb Defense: Methods to Whitelist Applications

Cb Defense: How to whitelist or blacklist a hash

Cb Defense: How to Utilize Certs Whitelist Feature

Cb Defense: How to Utilize IT Tools Whitelist Feature

Cb Defense: Difference in whitelisting by hash versus Certs or IT Tools

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-07-2018
Views:
438
Contributors