CB Defense: Unexpected Blocks When Sensor Cannot Reach Backend
search cancel

CB Defense: Unexpected Blocks When Sensor Cannot Reach Backend


Article ID: 288925


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense)


Whitelisted and known good files are blocked if the Sensor cannot reach the backend


  • CB Defense PSC Sensor: All supported versions
  • CB Defense PSC Console: All supported versions


  • The Sensor may determine the cloud is not reachable after multiple consecutive connection failures
  • The Sensor will rely on local scanner reputation or apply an "Unknown" reputation to new files
  • No delays are set to allow cloud lookup to complete or provide time for file certificate verification
  • Once the local scanner returns a reputation (which may include not_listed and unknown reps) that reputation is applied and related policy rules will be enforced


Ensure Sensors can reach the PSC backend to avoid unexpected blocks

Additional Information

  • The Sensor will err on the side of caution when not connected to the Cloud by applying the Unknown reputation to new files
  • The Sensor will continue to perform cloud lookups when connectivity is restored and will update file reputations as needed
  • File certification checks will also be allowed to complete and will be used to update file reputations as needed
  • Once a file and a specific PID are associated with a reputation, a new repuation will not be applied until the process is restarted and a new PID is assigned