search
cancel
Search
Does Disabling the CRL Check on Sensors Open Communications to Man in the Middle Attacks?
book
Article ID: 288890
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Show More
Show Less
Issue/Introduction
Does
disabling the Certificate Revocation List (CRL) check
at the time of Sensor install result in the Sensor becoming open to man-in-the-middle attacks?
Environment
Carbon Black Cloud Sensor: All Supported Versions
Microsoft Windows: All supported versions
Resolution
Disabling the CRL check does not immediately open the Sensor to man in the middle attacks
Disabling of the CRL check could be leveraged for a man in the middle attack if a Sensor/Backend communication certificate is revoked
Additional information can be found about
What are some concerns with disabling the CRL check within the Sensor?
Additional Information
CRL checks often fail when proxies are involved because the CRL check process is offloaded to WinHTTP
Sensor can also be configured to make a
best effort CRL check
Feedback
thumb_up
Yes
thumb_down
No