Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How To Check CDC/SRS Status and Connectivity

App Control: How To Check CDC/SRS Status and Connectivity

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

To confirm Carbon Black File Reputation (CDC) status and connectivity.

Resolution

Verify CDC Activation & Status:
  1. Login to the Console and navigate to System Configuration > Licensing > Carbon Black File Reputation Activation.
  2. Verify the subscription to Carbon Black File Reputation shows as, "Currently activated".
  3. Click Options to load the CDC Settings page.
  4. Verify "Enable file metadata sharing for Reputation and Threat results from Carbon Black" is checked.
Test Connectivity:
  1. Log in to the application server hosting the Console as the Carbon Black Service Account.
  2. Open an administrative command prompt and issue the following commands:
    cd "C:\Program Files (x86)\Bit9\Parity Server\Reporter"
    ParityReporter.exe check
    
    Note: If an Agent is installed on the App C server, Tamper Protection may need to be temporarily disabled before using the ParityReporter command.
    
  3. Test the connection to Port 443 via PowerShell:
    tnc -ComputerName services.bit9.com -Port 443 -InformationLevel "Detailed"
  4. Run the following query in SQL Mgmt Studio:
    use DAS; SELECT name, value FROM dbo.shepherd_configs WHERE name in ('ParityServerVersion', 'ActivationState', 'ActivationVerified', 'ActivationKey', 'ParityCenterSIDHash', 'ReporterConnectivityError')

Additional Notes

  • The connection between the CDC and the application server hosting the Console will require TLS 1.2.
  • To initiate the connection with the CDC .NET 4.6.2 (or later) is recommended. Earlier versions of .NET will default to pre-TLS 1.2 protocols, which will prevent a CDC connection.
  • The Carbon Black File Reputation Key is different than the App Control License Key (.lic file), but should be included when the License Key is provisioned.
  • If connectivity issues persist, despite successful tests, the Server High Debug Logs and a Wireshark capture while recreating the connectivity tests may be required.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
67% helpful (2/3)
Article Information
Author:
Creation Date:
‎09-17-2018
Views:
5731
Contributors