logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Cb Protection agent-generated CRL (ocrl) traffic does not appear to follow netsh proxy settings

Cb Protection agent-generated CRL (ocrl) traffic does not appear to follow netsh proxy settings

Version

Cb Protection Agent 7.2.x

Issue

Cb Protection agent calls CertGetCertificateChain to perform CRL checks and build the certificate chain context. This can trigger a network request via WinHTTP to verify revocation status. WinHTTP should honor locally defined proxy settings however the user observes a direct OCSP connection rather than using the designated proxy.

Symptoms

Captured netsh (scenario=InternetClient) and CAPI2 logs show this network connection come into existence.

Cause

On 64-bit Windows machines there are two separate "netsh" commands and settings. In this case, the 64-bit netsh was being set to the proxy.

However Cb Protection is a 32-bit application.

Solution

Once the 32-bit netsh was called as below to point to the proxy server, OCRL calls starting respecting the proxy server settings:

c:\winidows\syswow64\netsh winhttp set proxy myproxy:80

c:\winidows\syswow64\netsh winhttp show proxy

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
mbridgeo
Creation Date:
‎10-10-2016
Views:
788
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.