Carbon Black Cloud: How To Configure Sensor Not To Require CRL Checks
Carbon Black Cloud Console: All Versions (formerly CB PSC)
Carbon Black Cloud Sensor: 22.214.171.1245 and higher
Microsoft Windows: All Supported Versions
How to install the Sensor with CRL checking disabled
Uninstall the Sensor on Device
During unattended Install of CB Defense Sensor add the following parameter
msiexec.exe /q /i CBDefense-setup.msi /L*vx log.txt CURL_CRL_CHECK=0 <other parameters as needed for CBDefense_msi_command_options>
This will add the following line to the cfg.ini file
This will prevent the Sensor from using CRL communication but continue functioning normally otherwise.
WARNING: Disabling CRL checks could allow for exploiting a revoked certificate from the CBC which would make the device vulnerable to man in the middle attacks. Currently we are not checking for revocation status on a certificate as none exist but disabling the CRL check allows this potential scenario. This fix is tracked under DSEN-5002.