How to remediate ManifestDownloadFailure alarms (macOS)

Article ID: 292390

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

This article provides steps for correcting problems macOS Sensors have downloading content manifest data from content.carbonblack.io, to be followed after receiving a related Alert.

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 3.5.3.x and Higher
  • Apple macOS: All Supported Versions

Resolution

  1. Check access to content.carbonblack.io from endpoint
  2. Verify that any configured proxy or firewall allows outbound (endpoint to cloud) communication
    URL                      Port      Direction   SSL Inspection
    content.carbonblack.io   TCP/443   Outbound    Disabled
  3. Check status of Manifest downloads and ContentDownloadFailure alarms
  4. If ManifestDownloadFailure alarms continue in SensorAlarms.log, please open a case with Carbon Black Technical Support and provide:
    • Hostname
    • Verification of access from step 1
    • Configuration information of firewall/proxy exclusion from step 2 (along with date/time implemented)
    • Firewall/proxy logs with any errors in communicating with content.carbonblack.io
    • Output of step 3 above
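
The checks from steps 1 to 3, gathered into one script that prints the evidence step 4 asks for. This is an added example, not Carbon Black tooling. The path to SensorAlarms.log and the reference issuer are supplied by the caller (assumptions; the article gives neither), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Host and port are taken from the article.
HOST=content.carbonblack.io
PORT=443

# Step 1: can the endpoint open a TCP connection to the content server?
tcp_reachable() { nc -z -w 5 "$1" "$2" >/dev/null 2>&1; }

# Step 2: print the issuer of the certificate the endpoint actually receives.
# When a proxy performs SSL inspection, this is normally the proxy's own CA.
served_issuer() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer 2>/dev/null
}

# True only if an issuer was seen and it equals the caller's reference value.
issuer_matches() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Step 3: count lines naming an alarm (assumption: the name appears literally).
count_alarm() {
    [ -r "$2" ] || { echo "unreadable"; return 1; }
    grep -c -F -- "$1" "$2" || true
}

sample_log() {  # constructed lines, not the sensor's real log format
    printf '%s\n' \
        '2024-01-01T00:00:00Z alarm=ManifestDownloadFailure' \
        '2024-01-01T00:05:00Z alarm=OtherAlarm' \
        '2024-01-01T01:00:00Z alarm=ManifestDownloadFailure'
}

report() {  # $1 = path to SensorAlarms.log, $2 = reference issuer (optional)
    echo "Hostname: $(hostname)"
    echo "Checked:  $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
    if tcp_reachable "$HOST" "$PORT"; then echo "TCP $HOST:$PORT reachable"
    else echo "TCP $HOST:$PORT BLOCKED"; fi
    seen=$(served_issuer "$HOST" "$PORT")
    echo "Served issuer: ${seen:-none (TLS handshake failed)}"
    if [ -n "${2:-}" ]; then
        if issuer_matches "$seen" "$2"; then echo "Issuer matches reference"
        else echo "Issuer differs from reference: check SSL inspection exclusion"; fi
    fi
    for a in ManifestDownloadFailure ContentDownloadFailure; do
        echo "$a lines: $(count_alarm "$a" "$1")"
    done
}
if [ "${1:-}" = "--run" ]; then report "${2:-}" "${3:-}"; fi
```

Invoke it with `--run`, the path to SensorAlarms.log, and optionally a reference issuer string. Capture that reference with the same openssl build on a network without inspection, since issuer formatting differs between OpenSSL and LibreSSL.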

Additional Information

There is no need to perform these steps unless directed to do so by a CB Analytics Alert in the Carbon Black Cloud Console or by a member of VMware Carbon Black Technical Support.