EDR Hosted: Windows legacy OS sensors not connecting to EDR Hosted Server

Article ID: 287904


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Legacy OS sensors do not connect to EDR Hosted
  • HRESULT in sensorcomms.log: 0x80072efe

Environment

  • EDR Hosted: All Versions
  • EDR Sensor: 6.2.1 and higher
  • Microsoft Windows: XP, Vista, Server 2003, Server 2008

Cause

Legacy Microsoft operating systems do not support the SHA2 certificate used by the sensor's WinHttp connection.

Resolution

  • For capable environments, such as Server 2008, enable TLS 1.2 communication
  • All other environments will have to use a sensor in the 6.1.x branch
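
As an added example (not from the original article or from the vendor), the PowerShell below is a read-only check of the registry settings that commonly control TLS 1.2 for SChannel and WinHTTP clients on Windows. It assumes PowerShell 2.0 or later and an operating system that already has TLS 1.2 support installed; the function names are hypothetical, and the article does not say whether the sensor relies on the WinHTTP default protocol set.

```powershell
# Added example: read-only audit of client-side TLS 1.2 registry settings.
# Function names are hypothetical; nothing here changes the system.
$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)
$tls12Flag = 0x800   # TLS 1.2 bit in WinHTTP's DefaultSecureProtocols bitmask

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-SchannelTls12Client {
    $enabled  = Get-RegValue $schannelKey 'Enabled'
    $disabled = Get-RegValue $schannelKey 'DisabledByDefault'
    New-Object PSObject -Property @{
        Check             = 'SChannel TLS 1.2 (Client)'
        Enabled           = $enabled
        DisabledByDefault = $disabled
        # Explicitly on only when Enabled is non-zero and DisabledByDefault is 0;
        # missing values mean the OS default applies.
        ExplicitlyOn      = ($enabled -ne $null -and $enabled -ne 0 -and $disabled -eq 0)
    }
}

function Test-WinHttpDefaultProtocols {
    foreach ($key in $winHttpKeys) {
        $value = Get-RegValue $key 'DefaultSecureProtocols'
        $text  = '(not set)'
        if ($value -ne $null) { $text = '0x{0:X}' -f $value }
        New-Object PSObject -Property @{
            Check                  = $key
            DefaultSecureProtocols = $text
            IncludesTls12          = ($value -ne $null -and ($value -band $tls12Flag) -ne 0)
        }
    }
}

Test-SchannelTls12Client     | Format-List
Test-WinHttpDefaultProtocols | Format-List
```

A host where `ExplicitlyOn` and `IncludesTls12` are both `False` is using the operating system's default protocol set, which on legacy Windows versions may not include TLS 1.2.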

Additional Information

  • TLS 1.0 is susceptible to man-in-the-middle attacks through vulnerabilities such as BEAST, POODLE, DROWN, etc. Because of these vulnerabilities, TLS 1.0 cannot be enabled on Cloud environments.
  • To establish a connection with the EDR Hosted Server safely, consider moving to a newer OS that supports a more recent cryptographic protocol (TLS 1.2).
  • Sensors 6.2.1 and above use a WinHttp connection instead of the previously used Curl. Sensors on these versions cannot connect using TLS 1.0.
  • The WinHttp connection uses a SHA2 certificate for communication with the Hosted Server, which is not supported on Microsoft Windows XP, Vista, and Server 2003.