Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How to setup Windows Sensors for Proxy Communication

EDR: How to setup Windows Sensors for Proxy Communication

Environment

  • EDR Sensors: All Versions
  • Microsoft Windows: All Supported Versions

Objective

How to setup Windows sensors for proxy communication

Resolution

  • Proxy Options
    • "server:port" | Where server is the proxy server and port is the port of the proxy server
    • "@wpad" | 6.2.3 and above only. Instructs the sensor to auto-detect proxy with WPAD protocol.
    • "@pacurl:URL" | 6.2.3 and above only. Where URL is the URL of the PAC file to download and use the proxy configured in the file
  • To add the proxy setting follow one of the two options
    • Open the zip file of the installer contents and modify the sensorsettings.ini file by adding the Proxy config anywhere in the file. For example, adding autodetect proxy
      Proxy=@wpad
    • If the sensor is already installed, the following registry edit command can be used
      reg add HKLM\SOFTWARE\CarbonBlack\config /v Proxy /t REG_SZ /d @wpad

Additional Notes

  • 6.2.3 and above sensors have enhanced behavior for proxy communication
  • The sensor gets the beginning packet and sends it to the user service to check if it's going through a proxy
  • If communication fails over proxy, the sensor will try using direct communication

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
3029
Contributors