Cb Defense: How to Identify Whitelisted Certs That Should be Updated for the 3.3 Mac Sensor

search cancel

book

calendar_today

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Identify Whitelisted certificates that should be updated for the 3.3.x.x and higher Mac Sensor

In the PSC Console, Navigate to Enforce > Reputation
Select "Whitelist" from upper right
Sort list by Type
Review the Whitelisted certificates that apply to macOS Sensors
Any certificates Whitelisted by Organization Name that may cover personal- or developer-level certificates under the Organization Name should be updated to Common Name
Follow steps in https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-How-to-Update-Certificate-Whitelist-for-3-3-Sensor-on/ta-p/64717 to update Whitelisted certificates

Updating these certificate Whitelists to include the issuer Common Name will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
It is recommended to maintain the current certificate Whitelists configured for Organization Name in conjunction with the newly configured certificate Whitelists for Common Name during the process of upgrading to 3.3.x.x and higher
Certificate Whitelisting has a global effect, so the previously configured Certificate Whitelists should remain in place until all sensors are upgraded to 3.3.x.x or higher
An additional waiting period of approximately 30 days after upgrade to Sensor version 3.3 is recommended prior to removing the Organization Name Whitelists
This waiting period will help prevent False Positives during the file Reputation transition resulting from the Certificate update
The Certificate Whitelists configured for Organization Name should be removed after upgrade to Sensor version 3.3 and the recommended waiting period has elapsed

thumb_up Yes

thumb_down No