• Agent upgrades are failing with:

  WinHttpQueryHeaders StatusCode[00000193]

• Trace.bt9 log (created in high debugging) shows similar to:

  2024-01-04T12:17:08-06:00 -1 (1CC8) - HTTP: WinHttpQueryHeaders returned with non-success[00000193] on https://ServerAddress/hostpkg/pkg.php?pkg=Yara.bt9

• App Control Console: All Supported Versions
• App Control Agent: All Supported Versions

Microsoft defines the hex code 00000193 as:

HTTP_STATUS_FORBIDDEN: 403
The server understood the request, but cannot fulfill it.

Typically this is caused by the Proxy not allowing connections over 443 to the Resource Download Location.

The Agent is currently 32-bit architecture and will use the 32-bit Proxy settings. Verify these are set correctly:

1. Verify the Resource Download Location (RDL) specified is correct and traffic is not blocked by the firewall.
2. Log in to the endpoint encountering the error and use a browser to validate the file exists and can be downloaded (without error), example:

   https://ServerAddress/hostpkg/pkg.php?pkg=ParityHostAgent.msi

3. If a Proxy is in use:
   • The Agent does not officially support a Proxy and a bypass to the Server Address/RDL may be required.
   • The Agent is currently still a 32-bit application, and uses the 32-bit Proxy settings.
   • Use an administrative command prompt on the endpoint to verify a Bypass exists:

     cd C:\Windows\SysWOW64\
     netsh winhttp show proxy

   • If a Bypass does not exist, add one:

     netsh winhttp set proxy proxy-server="<proxyservername>" bypass-list=<appserver.domain.com>;<Existing Bypass Lists>

   • A reboot may be required to restore the connection.
4. Perform the relevant task manually on the endpoint:
   • Manually upgrade the Agent.
   • Manually import the TrustedCertList.pem or Keychain.json file(s).
   • Manually import the Yara file.

Certain proxies may also require the App Control Server ports 41002 + 443 added to the server name, example:

AppControlServerNameHere.local:41002;AppControlServerNameHere.local:443