Carbon Black Cloud: Signature Update Fails When Downloading DLL Files
book
Article ID: 288936
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Signature pack updates are consistently failing
The upd.log file (C:\Program Files\Confer\Scanner) shows download attempts fail with "request forbidden"
Callback: Download manager: Server returned status 'request forbidden' while downloading the file http://updates2.cdc.carbonblack.io/update2/ave2/win64/int/aeheur.dll.gz
Environment
Carbon Black Cloud Console: All versions
Carbon Black Cloud Sensor: 2.x.x.x and higher
Microsoft Windows: All supported versions
Cause
This is most likely caused by Firewall packet inspection
The file name includes ".dll" which is commonly included in string matching rules
Deep packet inspection will unpack zip files and may drop packets when finding .dll files
Resolution
Use a web browser from an affected machine to attempt to download the file listed in upd.log over HTTP
If the download succeeds over HTTPS, this confirms a Firewall or packet inspection issue which will require disabling packet inspection and/or whitelisting traffic to the update URL
If the HTTPS download also fails, ensure SSL inspection is not enabled on Sensor update traffic
If HTTPS downloads fail and there is no SSL inspection in place, please open a support case