What are the Strict Validation Mode Requirements by Sensor Platform?
Article ID: 285732
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
A table chart listing the Strict Validation Mode Requirements by Sensor Platform.
Environment
- EDR Sensor: 6.2.3 and above
- Microsoft Windows: All Supported Versions
- EDR Sensor: 6.2.5 and above
- Apple macOS: All Supported Versions
Resolution
| Requirement | macOS Sensor 6.2.5+ | macOS Sensor 6.2.7+ | Windows Sensor 6.2.3+ |
|
Exact certificate match (Certificate pinning) | Yes | Yes | Yes |
| Expiration data | Yes | Yes | Yes |
| Certificate Validation Chain | - | Yes | Yes |
|
Hostname matches (SAN=) * See additional notes | - | Yes | Yes |
| Revocation Check | - | - | - |
|
Key Usage is Server Auth (1.3.6.1.5.5.7.3.1) | - | Yes | Yes |
Additional Information
- Windows XP, Windows Vista, and Server 2003 will not support TLS certificate swap. These sensors should be using 6.1.x versions
- The SAN must be different from the server FQDN and each group must have different entries. This feature uses virtual hosts, DNS does mapping is not needed, the sensor takes care of this via the host file. You can use any SAN. For example
- Sensor Cert 1 SAN: cb1, cb2
- Sensor Cert 2 SAN: cb3, cb4
Feedback
Yes
No
Powered by
