Environment
- EDR Hosted: All Versions
- EDR Sensor: 6.2.1 and higher
- Microsoft Windows: XP, Vista, Server 2003, Server 2008
Symptoms
- Legacy OS sensors do not connect to EDR Hosted
- Hresult in sensorcomms.log: 0x80072efe
Cause
Legacy Microsoft Operating Systems do not support the WinHttp Sha2 certificate
Resolution
- For capable environments, such as Server 2008, enable TLS 1.2 communication
- All other environments will have to use a sensor in the 6.1.x branch
Additional Notes
- TLS 1.0 is susceptible to man in the middle attacks with vulnerabilities such as BEAST, POODLE, DROWN, etc. Due to these vulnerabilties, TLS 1.0 cannot be enabled on Cloud environments.
- In order to successfully establish a connection with the EDR Hosted Server safely, consider moving to a newer OS that supports a more recent cryptographic protocol (TLS 1.2)
- 6.2.1 Sensors and above utilize WinHttp connection over the previously used Curl. Connections using TLS 1.0 will not be able to connect on these sensor versions
- WinHttp connection is using a SHA2 certificate for communication to the Hosted Server and not supported with Microsoft Windows XP, Vista, and Server 2003
Related Content