App Control: Health Check parity.exe (Userinit.exe) is signed by could not check revocation
search cancel

App Control: Health Check parity.exe (Userinit.exe) is signed by could not check revocation

book

Article ID: 287124

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Agent Health Check returns Events similar to:
Carbon Black App Control Agent detected a problem: C:\Windows\system32\userinit.exe is signed but did not pass certificate validation: Error[800B010E]. Options[00000003] TotalFailures[2] FailureId[80]
Carbon Black App Control Agent detected a problem: c:\program files (x86)\bit9\parity agent\parity.exe is signed but could not check revocation: Error[800B010E]. Options[00000003] TotalFailures[1] FailureId[20]

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

These Low Severity Health Check Events are caused in limited or no connectivity environments due to the endpoint being unable to establish a connection with the issuing Certificate Authority to complete the Certificate Revocation List checks.

 

Resolution

Additional Information

  • The system is not connected to the Internet and has not received the most recent set of certificate revocation lists (CRL). In an online environment, Windows is able to reach out to the Internet and verify the CRLs. In the offline environment, Windows relies on the local cache of CRLs.
  • On a system with Internet connection, the Crypto API may be unable to reach out online to check for CRL due to either firewall, proxy restriction or a temporary loss of internet access while the check is being made.