EDR: Sensor Does Not Resolve to Server When Editing Hosts File
search cancel

EDR: Sensor Does Not Resolve to Server When Editing Hosts File

book

Article ID: 284949

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

  • Unable to resolve EDR server address when EDR sensor is attempting to submit data, when using the host file for the EDR Server's DNS entry.

Environment

  • EDR Windows Sensor: All Supported Versions
  • EDR Server: All Supported Versions

Cause

  • In the case of Hosted EDR, all sensors report to 'sensors.<hosted-edr-url>.io'.¬†
  • On-Prem configurations can also¬† have this setup in custom configurations.

Resolution

  • Ensure that the Sensors C:\Windows\System32\drivers\etc\hosts file points directly to the URL that the sensors report to.
  • In the case of Hosted EDR an entry in the C:\Windows\System32\drivers\etc\hosts file would look like:
<ip_address> sensors.<hosted-edr-hostname>.my.carbonblack.io