Remediating ManifestDownloadFailure alarms (Windows)
search cancel

Remediating ManifestDownloadFailure alarms (Windows)


Article ID: 285081


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


Provide steps for correcting issues for Windows Sensors with downloading of content manifest data from after receiving a related Alert


  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.6.0.x and Higher
  • Microsoft Windows: All Supported Versions


  1. Check access to from endpoint
  2. Verify that any configured proxy or firewall allows outbound (endpoint to cloud) communication
    URL Port Direction SSL Inspection TCP/443 Outbound Disabled
  3. If not corrected above, verify at least one of the supported TLS cipher suites is enabled via PowerShell
    1. Check enabled cipher suite by name
      C:\> Get-TlsCipherSuite -Name <Cipher_Suite_Name>
      If nothing is returned the cipher suite is not enabled
      Example with TLS 1.2/FIPs compliant cipher suite
      C:\> Get-TlsCipherSuite -Name TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    2. Check all enabled cipher suites
      C:\> Get-TlsCipherSuite | foreach {$_.Name}
    3. Enable cipher suites
      C:\> Enable-TlsCipherSuite -Name <Cipher_Suite_Name>
      Example with TLS1.2 and FIPs compliant Cipher Suite
      C:\> Enable-TlsCipherSuite -Name TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  4. Check status of Manifest downloads
  5. If the count of ManifestDownloadFailure alarms continues to increase and/or 'Last Manifest Content Update Time' does not get set or updated, please open a case with Carbon Black Technical Support and provide
    Org Key
    Verification of access from step 1
    Configuration information of firewall/proxy exclusion from step 2
    Firewall/proxy logs with any errors in communicating with
    Output of step 4 above

Additional Information

  • There is no need to perform these steps unless directed to do so by a CB Analytics Alert in the Carbon Black Cloud Console or by a member of VMware Carbon Black Technical Support
  • If using 3rd Party Apps/Software to manage your Cipher Suites, please follow any and all Vendor guidance
  • If the alert is older than 24 hours there is no action needed as there are no devices reporting the alarm