How to Adjust CRL checking for Best Effort
search cancel

How to Adjust CRL checking for Best Effort


Article ID: 285006


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


Useful steps for situations where a CRL check is not possible or needed or desired. These instructions will tell the sensor to ignore any communication issues that are not cert failures based on revocation. In those situations, it will proceed anyway. 


  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: and higher
  • Microsoft Windows: All Supported Versions



  1. During the unattended Install or upgrade of CB Defense Sensor add the following parameter
    1. Refer to the Unintended installations KB HERE for addition variables and command line options. 
  2. Edit the Config file
    1. Place the sensor in Bypass mode.
    2. Locate the cfg.ini file on the endpoint.
    3. Edit cfg.ini file, and add:
    4. Save and close cfg.ini 
    5. Load changes
      "C:\Program Files\Confer\RepCLI.exe" updateconfig
    6. Bring Sensor out of Bypass
    7. Check web Console for normal sensor communications, like check-ins and events.


Additional Information

The command line addition will add the following line to the cfg.ini file


 This will allow the Sensor to remain enabled and set to best effort but sensor communication continues if the CRL distribution point is unreachable.

  Additional information can be found about What are some concerns with disabling the CRL check within the Sensor?