CB Response: Sensor Communication driver being removed in FIPS mode

Article ID: 292456


Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The following error appears in sensor.log:
Tid[13A4] 2019-07-08 12:57:21 (i): Windows system wide FIPS mode is enabled
Tid[13A4] 2019-07-08 12:57:21 (i): OpenService call on cbcomms failed!
Tid[13A4] 2019-07-08 12:57:21 (i): Communication driver was successfully removed from system in FIPS mode

Environment

  • CB Response Windows Sensor: 6.2.2 and previous versions

Cause

The cbcomms.sys driver uses an SSL protocol that is not allowed in FIPS mode. 

Resolution

Upgrade the sensor to win-6.2.3 or a later version. The core driver in win-6.2.3 uses FIPS-approved SSL protocols to report tamper events to the server.

Additional Information

The communication driver (cbcomms) is used by the sensor kernel driver to send tamper messages to the Response server. In FIPS mode, the communication driver will not function.
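
To triage collected sensor.log files for this condition, the following added example (not Carbon Black code) parses the log layout shown above and reports when cbcomms was removed after the same thread logged FIPS mode. The function names, the version-string handling and the fourth sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Line layout as quoted in this article: Tid[hex] date time (level): message
LINE_RE = re.compile(
    r"^Tid\[(?P<tid>[0-9A-Fa-f]+)\]\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\(\w\):\s*(?P<msg>.*)$"
)
FIPS_ON = "Windows system wide FIPS mode is enabled"
DRIVER_REMOVED = "Communication driver was successfully removed from system in FIPS mode"
FIXED_IN = (6, 2, 3)  # per the article, win-6.2.3 and above carry the fix


def parse_line(line):
    """Return (thread id, timestamp, message), or None for any other layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return m["tid"].upper(), ts, m["msg"]


def find_driver_removals(lines):
    """Timestamps where cbcomms was removed after the same thread logged FIPS mode."""
    fips_threads, removals = set(), []
    for parsed in filter(None, map(parse_line, lines)):
        tid, ts, msg = parsed
        if FIPS_ON in msg:
            fips_threads.add(tid)
        elif DRIVER_REMOVED in msg and tid in fips_threads:
            removals.append(ts)
    return removals


def needs_upgrade(version):
    """True if a version string such as '6.2.2' or 'win-6.2.2' predates the fix.
    Assumption: only the first three numeric components are significant."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    return tuple(nums + [0] * (3 - len(nums))) < FIXED_IN


SAMPLE_LOG = [  # three lines quoted in the article plus one constructed line
    "Tid[13A4] 2019-07-08 12:57:21 (i): Windows system wide FIPS mode is enabled",
    "Tid[13A4] 2019-07-08 12:57:21 (i): OpenService call on cbcomms failed!",
    "Tid[13A4] 2019-07-08 12:57:21 (i): Communication driver was successfully removed from system in FIPS mode",
    "Tid[0B10] 2019-07-08 12:57:22 (i): constructed unrelated message",
]

if __name__ == "__main__":
    for ts in find_driver_removals(SAMPLE_LOG):
        print(f"{ts} cbcomms removed in FIPS mode; tamper messages cannot be sent")
```

A host that reports a removal and whose inventoried sensor version makes needs_upgrade return True is a candidate for the upgrade described under Resolution.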