Access official resources from Carbon Black experts
Version
Cb Protection Agent 7.2.x
Issue
Cb Protection agent calls CertGetCertificateChain to perform CRL checks and build the certificate chain context. This can trigger a network request via WinHTTP to verify revocation status. WinHTTP should honor locally defined proxy settings however the user observes a direct OCSP connection rather than using the designated proxy.
Symptoms
Captured netsh (scenario=InternetClient) and CAPI2 logs show this network connection come into existence.
Cause
On 64-bit Windows machines there are two separate "netsh" commands and settings. In this case, the 64-bit netsh was being set to the proxy.
However Cb Protection is a 32-bit application.
Solution
Once the 32-bit netsh was called as below to point to the proxy server, OCRL calls starting respecting the proxy server settings:
c:\winidows\syswow64\netsh winhttp set proxy myproxy:80
c:\winidows\syswow64\netsh winhttp show proxy
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.