Endpoint Standard: Cert and Hash Whitelisting randomly failing
book
Article ID: 289944
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Applications which were previously whitelisted by cert or hash are now being blocked or alerted on
Environment
- Carbon Black Cloud (formerly PSC) Console: All Versions
- Endpoint Standard (formerly CB Defense) Sensor: 3.4.x
Cause
Carbon Black has identified an issue on the backend which can result in the sensor receiving a bad or corrupt whitelist file
Resolution
- Issues have been resolved in sensor version 3.5.0.869 and .49.1 backend updates
- If this issue persists, try deleting and re-adding the cert or hash to the whitelist
Additional Information
https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Use-Cert-Whitelisting/ta-p/64823
https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Utilize-IT-Tools-Whitelist-Feature/ta-p/37958
https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-Utilize-IT-Tools-Whitelist-Feature/ta-p/37958
https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-Reputation-Priority/ta-p/51797
Feedback
thumb_up
Yes
thumb_down
No