Does Disabling the CRL Check on Sensors Open Communications to Man in the Middle Attacks?

Article ID: 288890

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Does disabling the Certificate Revocation List (CRL) check at the time of Sensor install result in the Sensor becoming open to man-in-the-middle attacks?

Environment

  • Carbon Black Cloud Sensor: All Supported Versions 
  • Microsoft Windows: All supported versions

Resolution

Disabling the CRL check does not immediately open the Sensor to man-in-the-middle attacks.

Additional Information

  • CRL checks often fail when proxies are involved because the CRL check process is offloaded to WinHTTP.
  • The Sensor can also be configured to make a best-effort CRL check.
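
A host-side check for the proxy failure mode described above, added here as an example and not Carbon Black code: it shows the WinHTTP proxy, lists a certificate's CRL distribution points, and builds the chain with an online revocation check so that chain trust, revocation and CRL reachability are reported as separate results. The function name `Test-CrlReachability` and the exported `.cer` file are assumptions.

```powershell
# Added example (not vendor code). Run on the Windows host being diagnosed.
function Test-CrlReachability {
    param(
        # Assumption: path to an exported copy (.cer) of the TLS certificate to test.
        [Parameter(Mandatory)] [string] $CertPath
    )
    $Flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]

    # WinHTTP keeps its own machine-wide proxy setting, separate from per-user proxy settings.
    Write-Host '--- WinHTTP proxy ---'
    netsh winhttp show proxy

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $CertPath).Path

    # CRL Distribution Points extension (OID 2.5.29.31): the URLs that must be reachable.
    Write-Host '--- CRL distribution points ---'
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if ($cdp) { Write-Host $cdp.Format($true) } else { Write-Host 'none listed in this certificate' }

    # Build the chain with an online revocation check for every certificate in it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode      = 'Online'
    $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    [void]$chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # Trust in the issuing chain, revocation, and CRL reachability are three separate results.
    [pscustomobject]@{
        Subject        = $cert.Subject
        ChainTrusted   = -not (($status -contains $Flags::UntrustedRoot) -or
                               ($status -contains $Flags::PartialChain))
        Revoked        = $status -contains $Flags::Revoked
        # The status a strict CRL check reports when the CRL cannot be fetched, e.g. behind a proxy.
        CrlUnreachable = ($status -contains $Flags::RevocationStatusUnknown) -or
                         ($status -contains $Flags::OfflineRevocation)
        RawStatus      = $status -join ', '
    }
}

# Example call with a hypothetical file name:
# Test-CrlReachability -CertPath .\server.cer
```

Windows caches CRLs it has already downloaded, so a host with a recently cached CRL can report `CrlUnreachable = False` even though the distribution point is currently blocked.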