Signature Update Failure with HTTP Proxy
search cancel

Signature Update Failure with HTTP Proxy

book

Article ID: 434047

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard

Issue/Introduction

  • Customers running Carbon Black Cloud Sensor 4.1 in environments that use an HTTP proxy may experience failures when downloading antivirus signature updates.
  • All other sensor-to-cloud communications continue to function normally.

Environment

  • Carbon Black Cloud Windows Sensor: 4.1.0

Cause

  • The root cause has been identified in the Symantec LiveUpdate (LUX) component, used by the Stargate AV module.
  • The LUX library incorrectly prepends the prefix https:// to the configured proxy host even when the protocol is explicitly set to HTTP.
  • This results in connection failures when attempting to reach the proxy.

Resolution

  • A temporary workaround is available by explicitly defining the proxy with the http:// prefix during installation:
    ProxyServer=http://<IP>:<Port>
  • Please open a ticket with us in case of issue with sensor upgrade
  • A permanent fix will be included in the upcoming Carbon Black Cloud Sensor version 4.2

Additional Information

  • This issue may be seen when using a proxy which can use, HTTP and HTTPS, as when it chooses HTTP it may fail because it tries to use HTTPS for HTTP. 
  • Proxy settings can be modified after installation following these steps.
  • CRE-23319
Powered by Wolken Software