App Control: Performance Impacts Due to Certificate Validation
search cancel

App Control: Performance Impacts Due to Certificate Validation

book

Article ID: 286526

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Events similar to: Excessive certificate validation Time[5min 1sec] 
  • Extremely slow Agent initialization due to certificate validation failure

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Cause

Agent running in an air gapped (or otherwise limited Internet) environment cause certificate validation failures which in turn delay the initialization process

Resolution

Consider disabling Revocation Checks in the Console > System Configuration > Advanced Options.

Additional Information

  • Checking certificates requires that queries be run over the Internet. In an offline environment, online revocation checking will never succeed.
  • OCSP online requests to check for revocation, while resource expensive, are a critical piece that ensures the Agent has the most up to date validity information regarding the certificate in question.
  • If a certificate is compromised and revoked by its author, it is critical that Agents are notified of this change in trust. Without it, new malicious files signed by the compromised certificate could be Approved.
  • For an air gapped environment it is recommended to setup PKI such that Agents can trust the local cached information on the endpoint, or funnel through a network product that can do the caching and revocation checking on behalf of the endpoint without leaving the local network.