Carbon Black Cloud: Sensor Registers in WSC as "Carbon Black Cloud Firewall" From Org Without HBFW Enabled
Article ID: 291932
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Host-based Firewall feature is disabled for Org.
- Carbon Black Cloud Firewall is registered in Windows Security Center.
- Recurring WSC notifications if Windows Firewall is disabled, similar to:
Windows Firewall and Carbon Black Cloud Firewall are both turned off. Tap or click to see available options.
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 3.9.0.2357 - 3.9.2.2698
- Microsoft Windows: All Supported Versions
Cause
- Code changes in the 3.9 Sensor introduced Host-based Firewall as an add-on feature for Carbon Black Cloud.
- Some of these code changes cause the Sensor to register with WSC as the system's firewall, regardless of whether the feature is enabled.
Resolution
Upgrade to Sensor 4.0.0.1292, which contains a fix for this bug. From the Release Notes:
DSEN-24701: Fixed an issue where CB Firewall registered itself as a firewall provider in Windows Security Center without Host-Based Firewall being enabled in the org policy.
Additional Information
Windows Security Center notifications can be disabled in Group Policy by setting the following policy to Enabled.
Computer Configuration > Administrative Templates > Windows Components > Windows Security > Notifications > Hide all notificationsNote: This will disable all Windows Security Center notifications.
Feedback
Yes
No
Powered by
