• Attempted install of Sensor fails overall even though proxy information (PROXY_SERVER) included in install command
• Sensor record shows up on Endpoints page without OS or Sensor Version data, indicating successful registration but failed install
• Packet capture shows successful connection with correct Device Services URL but failure connecting to OCSP and CRL URLs
• No WinHTTP proxy shown via command line

  C:\>netsh winhttp show proxy
  
  Current WinHTTP proxy settings:
  
      Direct access (no proxy server).

• Carbon Black Cloud Sensor: 3.3.x.x and Higher
  • Audit & Remediation (was CB LiveOps)
  • Endpoint Standard (was CB Defense)
  • Enterprise EDR (was CB ThreatHunter)
• Microsoft Windows: All Supported Versions
• Proxy in place and all external network traffic blocked, but not configured for WinHTTP on endpoint

OCSP and CRL traffic is not handled directly by the Sensor or the installer and does not use Proxy parameters specified at install, but is offloaded to the system which requires having WinHTTP set to the Proxy as well

• Ensure WinHTTP is configured to use existing proxy server:port

• Disable CRL checking at install

• WinHTTP proxy can be set manually via command line interface (CLI) on individual machines as needed

  netsh winhttp set proxy <proxy>:<port>

• WinHTTP proxy can be set via Group Policy Object (GPO) in larger environments
• Setting WinHTTP proxy information may also be possible via proxy-side configuration