Endpoint Standard: Sensor Blocks Signed File Despite Cert Whitelisting
Article ID: 288880
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Cert Whitelisting has been implemented for specific vendors
- Files signed by that vendor are still blocked due to not receiving the Local_White reputation associated with Cert Whitelisting
- The blocked files are likely to be files recently written to the device
- The file will likely receive an Unknown reputation
- The following file parse errors will be recorded in the Sensor logs:
CSiCertEx::Parse: Failed to open file <filename>, error: 32
Environment
- Endpoint Standard Sensor: 3.4.x.x and lower
- Carbon Black Cloud Console: All versions
Cause
This is related to a known issue with 3.4.x.x and lower Sensor versions.
Resolution
This issue was resolved with the 3.5 and greater Sensor release please upgrade to the latest version which are announced here
Feedback
Yes
No
Powered by
