• Agent generating Events for Health Check FailureId[20] similar to:

  Carbon Black App Control Agent detected a problem: c:\program files (x86)\bit9\parity agent\parity.exe is signed but could not check revocation: Error[800B010E]. Options[00000003] TotalFailures[1] FailureId[20]

• Agent generating Events for Health Check FailureId[80] similar to:

  Carbon Black App Control Agent detected a problem: C:\Windows\system32\userinit.exe is signed but did not pass certificate validation: Error[800B010E]. Options[00000003] TotalFailures[2] FailureId[80]
  

• App Control Agent: All Supported Versions
• Microsoft Windows: All Supported Versions

These Low Severity Health Check Events are caused in limited or no connectivity environments due to the endpoint being unable to establish a connection with the issuing Certificate Authority to complete the Certificate Revocation List checks.

Internet Connected Endpoints:

Work with the network team to validate communication to the Certificate Authority's Distribution Point is open and working.

• It's possible the Windows Cryptographic API was temporarily unable to reach the Certificate Authority due to a firewall, proxy restriction or temporary loss of Internet access while the check is being made.
• If using a Proxy, the 32-bit Proxy settings may not be set correctly.

Air Gapped (or otherwise limited) Endpoints:

• A Health Check Exclusion could be added for these Events.
• If desired, the Certificate Revocation Check can be disabled for Outbound Verification.

• The Health Check Event Guide categorizes these failures as Low Severity, and they do not impact the overall functionality of the Agent.
• When an endpoint is not connected to the Internet the operating system will rely on the existing local cache of Certificate Revocation Lists.