Carbon Black Cloud: Installation fails CRL check without WinHTTP proxy set (3.3.x.x and higher)
search cancel

Carbon Black Cloud: Installation fails CRL check without WinHTTP proxy set (3.3.x.x and higher)

book

Article ID: 285335

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Attempted install of Sensor fails overall even though proxy information (PROXY_SERVER) included in install command
  • Sensor record shows up on Endpoints page without OS or Sensor Version data, indicating successful registration but failed install
  • Packet capture shows successful connection with correct Device Services URL¬†but failure connecting to OCSP and CRL URLs
  • No WinHTTP proxy shown via command line
    C:\>netsh winhttp show proxy
    
    Current WinHTTP proxy settings:
    
        Direct access (no proxy server).

Environment

  • Carbon Black Cloud Sensor: 3.3.x.x and Higher
    • Audit & Remediation (was CB LiveOps)
    • Endpoint¬†Standard (was CB Defense)
    • Enterprise EDR (was CB ThreatHunter)
  • Microsoft Windows: All Supported Versions
  • Proxy in place and all external network traffic blocked, but not configured for WinHTTP on endpoint

Cause

OCSP and CRL traffic is not handled directly by the Sensor or the installer and does not use Proxy parameters specified at install, but is offloaded to the system which requires having WinHTTP set to the Proxy as well

Resolution

Options
  • Ensure WinHTTP is configured to use existing proxy server:port
OR

Additional Information

  • WinHTTP proxy can be set manually via command line interface (CLI) on individual machines as needed
    netsh winhttp set proxy <proxy>:<port>
  • WinHTTP proxy can be set via Group Policy Object (GPO) in larger environments
  • Setting WinHTTP proxy information may also be possible via proxy-side configuration