Carbon Black Cloud: How to determine if content.carbonblack.io is blocked?
search cancel

Carbon Black Cloud: How to determine if content.carbonblack.io is blocked?

book

Article ID: 292536

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to determine if content.carbonblack.io is blocked?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Windows Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Resolution

If content.carbonblack.io is blocked, the following symptoms will be observed:
  • Enterprise EDR (was CB ThreatHunter) - Observe that sensor has not uploaded any data since upgrading to 3.6
  • Device Control - Inability to block devices
  • Checking RepCLI status output will display the following alarm:  
    C:\>"C:\Program Files\Confer\RepCLI.exe" status | findstr "ManifestDownloadFailure"

ManifestDownloadFailure: x times LastTrigger[mm/dd/yyyy hh:mm:ss]

Additional Information

  • In sensor version 3.6.x.x and above, Enterprise EDR, AMSI Prevention, and Unified Binary Store must be able to access content.carbonblack.io in order to function correctly
  • If a software or hardware firewall exists between the device and the internet, please ensure that outbound connections are allowed to content.carbonblack.io and inbound connections are allowed from content.carbonblack.io
  • Device Control is available with Sensor 3.6.x.x and higher and Carbon Black Cloud Console November '20 Release (0.60) and higher
Powered by Wolken Software