What Ports must be opened on the Firewall and Proxy Servers?
Article ID: 285220
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What ports must be opened on the Firewall or Proxy servers to allow the sensor to communicate with the various Carbon Black Cloud services?
Environment
- Carbon Black Cloud (Formerly PSC) Console: All Versions
- Endpoint Standard (Formerly CB Defense) Sensor: All Versions
- Microsoft Windows: All Supported Versions
- Apple MAC OS: All Versions
Resolution
This information can be found in our Configuration Guide.
Additional Information
- If "Submit unknown binaries for analysis" is enabled, all traffic goes through CB Defense Device Services before it is routed to the Carbon Black Cloud. The Carbon Black Cloud only uses third-party vendor, Avira Operations GmbH & Co. KG (“Avira”), as a subprocessor to assist with the threat analysis. The sensor will never directly communicate with Avira, so there are no additional network changes required.
- To determine whether the agent is "onsite" or "offsite" the sensor sends a ICMP echo to see if the each DNS suffix address is reachable. In this case you may observe outbound connections to your Domain Controllers from the Sensor Service (RepMgr).
Feedback
Yes
No
Powered by
