EDR: Why is the hosts file being modified when using legacy certificates?
search cancel

EDR: Why is the hosts file being modified when using legacy certificates?

book

Article ID: 288582

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

  • cb.exe is modifying the C:\Windows\System32\drivers\etc\hosts file
  • This is true regardless of legacy or custom certificates being used

Environment

  • EDR Windows sensor: 7.4.1
  • Microsoft Windows: All Supported Versions

Resolution

With the IPV6 support added with the 7.4 EDR Windows sensor release, the sensor will now modify the hosts file whether custom or legacy certificates are used.

Additional Information

If this should change, customer feedback is needed. Please submit this change request via Voice of the Customer
Powered by Wolken Software