EDR: Browser sessions persist after service restart
Article ID: 292364
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Users are still able to browse webpages without re-authentication after a restart of EDR services
Environment
- EDR Server: 7.7
Cause
An update in one of the services has caused persistence across sessions
Resolution
Workaround
- Stop cb-enterprise
-
/usr/share/cb/cbservice cb-enterprise stop
-
- Delete file /var/cb/redis/dump.rdb
-
rm /var/cb/redis/dump.rd
-
- Update /etc/cb/redis.conf and /etc/cb/redis.conf.template by removing the '#' at the start of the line for
-
save ""
-
- Start cb-enterprise
-
/usr/share/cb/cbservice cb-enterprise start
-
Additional Information
To test fix, connect to the UI and then restart services. The session should be closed and require the user to sign in
/usr/share/cb/cbservice cb-enterprise restart
Feedback
Yes
No
Powered by
