EDR: How to deploy sensor certificates via GPO to disconnected endpoints
Article ID: 289037
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Deploy sensor certificate registry keys via GPO to disconnected endpoints that have mismatched settings for sensor group certificates.
Environment
- EDR (formerly CB Response) Sensor: All Versions
- Microsoft Windows: All Supported Versions
Resolution
- Install the new sensor installer on one of the endpoints.
- Confirm it is working and connected/registered with the EDR console.
- Copy the client certs from the registry of the new sensor to the non-working/recently-migrated sensor's registry:
  - Pre-6.2.3-win sensor:
    - HKLM\SOFTWARE\CarbonBlack\config\SensorClientCert
    - HKLM\SOFTWARE\CarbonBlack\config\SensorClientKey
  - 6.2.3-win and above:
    - HKLM\SYSTEM\CurrentControlSet\services\carbonblackk\SensorClientCert
    - HKLM\SYSTEM\CurrentControlSet\services\carbonblackk\SensorClientKey
- Force a check-in from the endpoint and validate connectivity/registration:
  - Open a cmd prompt
  - Run:
    sc control CarbonBlack 200
- Push the changes to all sensors through GPO (Group Policy).
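One way to confirm that the values delivered by GPO match the working endpoint before forcing a check-in, as an added PowerShell example (not part of the original article and not vendor code). It assumes SensorClientCert and SensorClientKey are registry values under the parent keys listed above; the function name, the `-ReferenceCsv` parameter and the output file name are hypothetical.

```powershell
# Added example (not vendor code). Assumes SensorClientCert/SensorClientKey are
# registry values under the parent keys named in the article.
param([string]$ReferenceCsv)   # hypothetical: CSV produced on the working endpoint

$ParentKeys = @(
    'HKLM:\SOFTWARE\CarbonBlack\config'                      # pre-6.2.3-win
    'HKLM:\SYSTEM\CurrentControlSet\services\carbonblackk'   # 6.2.3-win and above
)
$ValueNames = 'SensorClientCert', 'SensorClientKey'

function Get-SensorCertFingerprint {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($key in $ParentKeys) {
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $item = Get-Item -LiteralPath $key
            foreach ($name in $ValueNames) {
                if ($item.GetValueNames() -notcontains $name) { continue }
                $raw = $item.GetValue($name)
                # Hash the data only, so the key material itself is never written out.
                [byte[]]$bytes = if ($raw -is [byte[]]) { $raw } else { [Text.Encoding]::UTF8.GetBytes(($raw -join "`n")) }
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Key      = $key
                    Name     = $name
                    Kind     = $item.GetValueKind($name)
                    SHA256   = [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-'
                }
            }
        }
    } finally { $sha.Dispose() }
}

$here = @(Get-SensorCertFingerprint)
if (-not $ReferenceCsv) {
    # Working endpoint: record the fingerprints to compare against later.
    $here | Export-Csv -NoTypeInformation -Path "$env:COMPUTERNAME-sensorcert.csv"
    return
}
$ref = Import-Csv -LiteralPath $ReferenceCsv
$mismatch = @($here | Where-Object {
    $v = $_
    -not ($ref | Where-Object { $_.Key -eq $v.Key -and $_.Name -eq $v.Name -and $_.SHA256 -eq $v.SHA256 })
})
if ($here.Count -gt 0 -and $mismatch.Count -eq 0) {
    sc.exe control CarbonBlack 200   # force check-in (command from the article)
} else {
    Write-Warning 'Sensor certificate values are missing or differ from the reference endpoint.'
}
```

In PowerShell the command must be typed as `sc.exe`, because Windows PowerShell aliases `sc` to Set-Content; in the cmd prompt used in the steps above, `sc` works as written.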