Carbon Black Cloud: Signature Update Fails When Downloading DLL Files

Article ID: 288936

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Signature pack updates are consistently failing
  • The upd.log file (C:\Program Files\Confer\Scanner) shows download attempts failing with "request forbidden":
    Callback: Download manager: Server returned status 'request forbidden' while downloading the file http://updates2.cdc.carbonblack.io/update2/ave2/win64/int/aeheur.dll.gz

Environment

  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensor: 2.x.x.x and higher
  • Microsoft Windows: All supported versions

Cause

  • This is most likely caused by firewall packet inspection
  • The file name includes ".dll", which is commonly included in string-matching rules
  • Deep packet inspection will unpack zip files and may drop packets when it finds .dll files

Resolution

  1. Use a web browser from an affected machine to attempt to download the file listed in upd.log over HTTP
    http://updates2.cdc.carbonblack.io/update2/ave2/win64/int/aeheur.dll.gz
  2. The web browser should indicate the download failure with a specific error code or message (this may be enough to determine how to resolve the issue)
  3. Then use a web browser to download the same file over HTTPS (since the traffic is encrypted, a firewall will not be able to see the .dll file)
    https://updates2.cdc.carbonblack.io/update2/ave2/win64/int/aeheur.dll.gz
  4. If the download succeeds over HTTPS, this confirms a firewall or packet inspection issue, which will require disabling packet inspection and/or whitelisting traffic to the update URL
  5. If the HTTPS download also fails, ensure SSL inspection is not enabled on Sensor update traffic
  6. If HTTPS downloads fail and there is no SSL inspection in place, please open a support case
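
The same HTTP versus HTTPS comparison can be scripted on an affected machine. The PowerShell below is an added example, not a Carbon Black tool: the function names Test-Download and Get-TlsIssuer are hypothetical, and the default URL is the one quoted from upd.log in this article.

```powershell
# Added example: runs the HTTP vs HTTPS comparison from the Resolution steps.
param(
    # URL copied from the failing entry in upd.log (default is the one in this article)
    [string]$Url = 'http://updates2.cdc.carbonblack.io/update2/ave2/win64/int/aeheur.dll.gz'
)
# Windows PowerShell 5.1 may not offer TLS 1.2 by default
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Test-Download([string]$Uri) {
    # Returns the HTTP status code, or the error text when no HTTP response came back
    $tmp = [IO.Path]::GetTempFileName()
    try {
        Invoke-WebRequest -Uri $Uri -OutFile $tmp -UseBasicParsing -ErrorAction Stop
        return 200
    } catch {
        $resp = $_.Exception.Response
        if ($resp) { return [int]$resp.StatusCode }
        return $_.Exception.Message
    } finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

function Get-TlsIssuer([string]$HostName) {
    # Reads the issuer of the certificate actually presented to this machine on port 443.
    # Validation is skipped on purpose: only the issuer name is read, nothing is downloaded.
    $tcp = New-Object Net.Sockets.TcpClient($HostName, 443)
    try {
        $cb  = [Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        return $ssl.RemoteCertificate.Issuer
    } finally { $tcp.Dispose() }
}

$u     = [Uri]$Url
$http  = Test-Download ('http://'  + $u.Host + $u.PathAndQuery)
$https = Test-Download ('https://' + $u.Host + $u.PathAndQuery)
"HTTP  result: $http"
"HTTPS result: $https"
if ($http -eq 200) {
    'HTTP download works from this host; the failure is not reproduced here.'
} elseif ($https -eq 200) {
    'HTTPS succeeds while HTTP fails: firewall or packet inspection on plain HTTP (step 4).'
} else {
    try { "Issuer seen by this host: $(Get-TlsIssuer $u.Host)" }
    catch { "TLS handshake failed: $($_.Exception.Message)" }
    'Both fail: an issuer naming your own firewall or proxy CA points to SSL inspection (step 5); otherwise open a support case (step 6).'
}
```

Run it from the affected machine so the requests take the same network path as the sensor's update traffic.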