search
cancel
Search
Sensor Communication Blocked By CRL Checks And Cannot Reinstall Sensor
book
Article ID: 285042
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Show More
Show Less
Issue/Introduction
Endpoint Standard Sensor not able to connect to CBC
SChannel errors show in Event Viewer Application Logs
The Firewall is not configured to allow communication for CRL checking
A Wireshark/pcap will show a 15-16 second delay between "client hello" and "server hello" indicating a the 15-second CRL timeout has occurred.
Environment
Endpoint Standard Sensor: 3.3. and later versions
Carbon Black Cloud Console: All Versions
Microsoft Windows: All Supported Versions
Cause
CRL checking by the Sensor is being blocked
Resolution
Options:
For sensor 3.8.0.722 and higher review
How to Adjust CRL checking for Best Effort
Sensor 3.4.0.925 and higher
Upgrade Sensor to 3.4.0.925 or higher if using an older sensor version
Put the Sensor in
Bypass
mode
Locate your cfg.ini file using this
KB
:
Edit the file
cfg.ini
with this line at the end of file
CurlCrlCheck=false
Save and close cfg.ini
Load changes
"C:\Program Files\Confer\RepCLI.exe" updateconfig
Bring Sensor out of Bypass
Check PSC Console for normal sensor communications, like check-ins and events
Additional Information
This change will prevent the Sensor from preforming CRL checking but continue functioning normally otherwise.
Additional information can be found about
What are some concerns with disabling the CRL check within the Sensor?
Feedback
thumb_up
Yes
thumb_down
No