Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How To Configure Sensor Not To Require CRL Checks

Carbon Black Cloud: How To Configure Sensor Not To Require CRL Checks

Environment

  • Carbon Black Cloud Console: All Versions (formerly CB PSC)
  • Carbon Black Cloud Sensor: 3.4.0.925 and higher
  • Microsoft Windows: All Supported Versions

Objective

How to install the Sensor with CRL checking disabled

Resolution

  1. Uninstall the Sensor on Device
  2. During unattended Install of CB Defense Sensor add the following parameter
msiexec.exe  /q /i CBDefense-setup.msi  /L*vx log.txt CURL_CRL_CHECK=0 <other parameters as needed for CBDefense_msi_command_options> 

Additional Notes

  • This will add the following line to the cfg.ini file
CurlCrlCheck=false
  • This will prevent the Sensor from using CRL communication but continue functioning normally otherwise. 
WARNING: Disabling CRL checks could allow for exploiting a revoked certificate from the CBC which would make the device vulnerable to man in the middle attacks. Currently we are not checking for revocation status on a certificate as none exist but disabling the CRL check allows this potential scenario. This fix is tracked under DSEN-5002.

Related Content


Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎09-01-2020
Views:
6245
Contributors