logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: Sensor still downloading Signature Updates from Cloud despite using Local Mirror Configuration

Cb Defense: Sensor still downloading Signature Updates from Cloud despite using Local Mirror Configuration

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: 2.0.2.x+ (Windows)
  • Microsoft Windows: All Supported Versions
  • Mirror Server set up

Symptoms

  • Local Scan enabled
  • Policy set to download from Local Mirror
  • Cb mirror removed from policy/unchecked
  • Local Mirror unavailable
  • Sensor downloads signature update from Cb Mirror

Cause

The current design is such that the sensor always attempts to download from cloud even if Cb Mirror has been unchecked from policy.

Resolution

  • Create internal firewall rule to block sensors from reaching out to the cloud for updates
  • Only allow the mirror server(s) to reach to the cloud for update
  • Create a secondary mirror server to act as a backup if the main fails
    • select which you prefer as master in the policy

Additional Notes

If this is an issue in your environment, please upvote to add the feature on Idea Central -

Related Content

Cb Defense: How To Configure Local AV Scan

Cb Defense: How To Set Up A Local Mirror for AV Signature Updates

Cb Defense: How to tell where Local AV Signature update was downloaded from?

Cb Defense: Verify the Latest Local Scanner Signature Version

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
sdurney
Creation Date:
‎08-09-2018
Views:
807
Contributors
logo