EDR: Windows sensor cannot connect to Server unless TLS 1.0 protocol is enabled

Article ID: 288196

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • CB Response: Windows sensor cannot connect to CB Response Server.
  • Sensor.log shows these errors:
      Tid[067C] 2019-03-05 00:15:58 (e): WinHttpSendRequest() failed: WinError[0x00002EFE]
      Tid[067C] 2019-03-05 00:15:58 (e): Unable to complete request from HTTP transaction
      Tid[067C] 2019-03-05 00:15:58 (w): Failed to registerHTTPCode[2147954430] HrError[0x80072EFE]
      Tid[067C] 2019-03-05 00:15:58 (i): failed to register HrError[0x80072EFE]
      Tid[067C] 2019-03-05 00:15:58 (w): Unable to properly synch with server HrError[0x80072EFE]
      Tid[067C] 2019-03-05 00:15:58 (e): WinHTTP indicated a TLS/SSL error, WinXP and Server2008 sensors require the Cb Response server enable TLS1.0 for secure communication.

Environment

  • EDR (formerly CB Response): All Versions
  • EDR Sensor: 6.2.1 and Higher
  • Microsoft Windows: Server 2008 SP 2

Cause

The endpoint Windows host is unable to use the strong TLS protocols enabled on the Server.

Resolution

  1. Enable TLS 1.2 on the Server 2008 environment
  2. Install sensor versions within the 6.1.x branch 

Additional Information

  • TLS 1.0 is susceptible to man-in-the-middle attacks with vulnerabilities such as BEAST, POODLE, DROWN, etc. Consider these vulnerabilities before requesting TLS 1.0 be enabled in the environment.
  • We recommend moving to a newer OS that supports a more recent cryptographic protocol (TLS 1.2) in order to safely establish a connection with the CB Response Cloud Server.
  • If enabling TLS 1.2, ensure the following keys and fields exist in regedit. Each field is of type DWORD:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server
      DisabledByDefault 0
      Enabled 1
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client
      DisabledByDefault 0
      Enabled 1
  • Ensure .NET is on a version that supports TLS 1.2
  • This issue can occur in on-prem environments depending on the security settings of the server
  • Sensor version 6.1.x will still work with older versions of TLS
  • TLS 1.0 is not supported on CB Response Cloud
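
To confirm the TLS 1.2 registry values listed above on an affected endpoint, the following PowerShell audit can be used. It is an added example, not code from this article or from the vendor; the -Fix switch is the script's own parameter, and it assumes an elevated prompt.

```powershell
# Added example (not vendor code): audit the Schannel TLS 1.2 values from this article.
# Save as a .ps1 file and run elevated. -Fix is this script's own switch, not a vendor option.
param([switch]$Fix)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2'
$want = @{ DisabledByDefault = 0; Enabled = 1 }   # expected DWORD values per the article
$bad  = 0

foreach ($role in 'Server', 'Client') {
    $key = Join-Path $base $role
    if (-not (Test-Path $key)) {
        if (-not $Fix) {
            Write-Output "MISSING  key $role"
            $bad += $want.Count
            continue
        }
        New-Item -Path $key -Force | Out-Null      # create the missing key
    }
    foreach ($name in $want.Keys) {
        $rk   = Get-Item -Path $key
        $cur  = $rk.GetValue($name)                # $null when the value is absent
        $kind = if ($cur -ne $null) { $rk.GetValueKind($name) } else { 'absent' }
        if ($kind -eq 'DWord' -and $cur -eq $want[$name]) {
            Write-Output "OK       $role\$name = $cur"
        } elseif ($Fix) {
            # Overwrites a wrong value or wrong type with the DWORD the article specifies
            New-ItemProperty -Path $key -Name $name -Value $want[$name] `
                -PropertyType DWord -Force | Out-Null
            Write-Output "SET      $role\$name = $($want[$name]) (was: $cur, $kind)"
        } else {
            Write-Output "MISMATCH $role\$name = $cur ($kind), expected $($want[$name]) (DWord)"
            $bad++
        }
    }
}
Write-Output "$bad value(s) need attention"
```

Schannel protocol settings are read at startup, so restart the host after any change before retesting the sensor connection.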