EDR: Does the Duo Service Fail Open or Fail Close?
book
Article ID: 286840
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Does the Duo two-factor authentication service fail open or fail close?
Environment
EDR Server: All versions
Resolution
The Duo service fails closed. If Dou communication is not available, the EDR servers require local access.
Additional Information
If the Duo service is not available, local access to the EDR server allows the service to be temporarily disabled by commenting the cb.conf variable TwoFactorAuthCallbackModulePath and restarting services.