Carbon Black Cloud: Signature Update Fails When Downloading DLL Files
search cancel

Carbon Black Cloud: Signature Update Fails When Downloading DLL Files


Article ID: 288936


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense)


  • Signature pack updates are consistently failing
  • The upd.log file (C:\Program Files\Confer\Scanner) shows download attempts fail with "request forbidden" 
    Callback: Download manager: Server returned status 'request forbidden' while downloading the file


  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensor: 2.x.x.x and higher
  • Microsoft Windows: All supported versions


  • This is most likely caused by Firewall packet inspection
  • The file name includes ".dll" which is commonly included in string matching rules
  • Deep packet inspection will unpack zip files and may drop packets when finding .dll files


  1. Use a web browser from an affected machine to attempt to download the file listed in upd.log over HTTP
  2. The web browser should indicate file download failure with a specific error code or message (this may be enough to determine how to resolve issue)
  3. Then use a web browser to download the same file over HTTPS (since the traffic is encrypted a Firewall will not be able to see the .dll file)
  4. If the download succeeds over HTTPS, this confirms a Firewall or packet inspection issue which will require disabling packet inspection and/or whitelisting traffic to the update URL
  5. If the HTTPS download also fails, ensure SSL inspection is not enabled on Sensor update traffic 
  6. If HTTPS downloads fail and there is no SSL inspection in place, please open a support case