EDR: Sensor Does Not Resolve to Server When Editing Hosts File
book
Article ID: 284949
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
- Unable to resolve EDR server address when EDR sensor is attempting to submit data, when using the host file for the EDR Server's DNS entry.
Environment
- EDR Windows Sensor: All Supported Versions
- EDR Server: All Supported Versions
Cause
- In the case of Hosted EDR, all sensors report to 'sensors.<hosted-edr-url>.io'.
- On-Prem configurations can also have this setup in custom configurations.
Resolution
- Ensure that the Sensors C:\Windows\System32\drivers\etc\hosts file points directly to the URL that the sensors report to.
- In the case of Hosted EDR an entry in the C:\Windows\System32\drivers\etc\hosts file would look like:
<ip_address> sensors.<hosted-edr-hostname>.my.carbonblack.io
Feedback
thumb_up
Yes
thumb_down
No