Test Carbon Black Cloud Sensor Network Connectivity

Article ID: 284718

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Test to confirm a client machine's ability to connect to the Carbon Black Cloud backend.

Environment

  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensor: All supported versions
  • Microsoft Windows: All supported versions

Resolution

Definitions

  • Sensor URL
    • Without connection to the sensor URL, the sensor will be unable to check in with the Carbon Black Cloud backend. This URL is not the same on all backends. See Firewall Configuration.
  • Content Management URL
    • Without connection to the content management URL, the sensor is not fully operational or protected. This URL is the same for all backends.
  • Signature URL
    • Only needed for Windows sensors and customers with Endpoint Standard/Endpoint Foundations. Without connection to the Signature URL, the sensor will not be able to receive signature pack updates. This URL is the same for all backends.

Windows

Test Connection to the Sensor URL

NOTE: The example URL (dev-prod05.conferdeploy.net) is specific to Prod 05. For other environments see Firewall Configuration.

  1. Open a PowerShell administrative prompt
  2. Run command:
    Test-NetConnection -computername dev-prod05.conferdeploy.net -Port 443 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Test Connection to the Content Management URL

Via PowerShell

  1. Open a PowerShell administrative prompt
  2. Run command:
    Test-NetConnection -computername content.carbonblack.io -Port 443 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Via Live Response

  1. Start a Live Response Session
  2. Run command:
    execfg "c:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" Test-NetConnection -computername content.carbonblack.io -Port 443 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Test Connection to the Signature URL

Note that 4.1+ sensors use a new Signature Update URL (liveupdate.symantec.com).

Via PowerShell

  1. Open a PowerShell administrative prompt
  2. Run command:
    For sensors on version 4.1+
    Test-NetConnection -computername liveupdate.symantec.com -Port 443 -InformationLevel Detailed
    
    For sensors on version 4.0.3 and below:
    --For HTTPS
    Test-NetConnection -computername updates2.cdc.carbonblack.io -Port 443 -InformationLevel Detailed
    
    --For HTTP
    Test-NetConnection -computername updates2.cdc.carbonblack.io -Port 80 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Via Live Response

  1. Start a Live Response Session
  2. Run command:
    --For HTTPS
    execfg "c:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" Test-NetConnection -computername updates2.cdc.carbonblack.io -Port 443 -InformationLevel Detailed
    
    --For HTTP
    execfg "c:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" Test-NetConnection -computername updates2.cdc.carbonblack.io -Port 80 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Test Connection to the Other Firewall URLs

Any other documented firewall URL (like the Third-party certificate validation URL http://ocsp.digicert.com, which uses port 80) can be tested using the above steps by replacing the computername value and using the appropriate Port value.

  1. Open a PowerShell administrative prompt
  2. Run command:
    Test-NetConnection -computername ocsp.digicert.com -Port 80 -InformationLevel Detailed
  3. Successful connection will show:
    TcpTestSucceeded : True

Linux and macOS

Test Connection to the Sensor URL

NOTE: The example URL (dev-prod05.conferdeploy.net) is specific to Prod 05. For other environments see Firewall Configuration.


Via Curl

  1. Open terminal
  2. Run command:
    curl https://dev-prod05.conferdeploy.net/services/healthCheck/
  3. Successful connection will show:
    {"appStats":{"Commit":"HEAD","Build":"snapshot","Branch":"develop"},"message":"success","success":true}

Test Connection to the Content Management URL

Without connection to the sensor URL, the sensor will be unable to check-in.
NOTE: The example URL (dev-prod05.conferdeploy.net) is specific to Prod 05. For other environments see Configure a Firewall.


Via Curl

  1. Open terminal
  2. Run command:
    curl https://content.carbonblack.io
  3. Successful connection will show missing Key-Pair error:
    <?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>


Via wget

  1. Open terminal
  2. Run command
  3. Successful connection will show 403 error:
    Resolving content.carbonblack.io (content.carbonblack.io)... <ip_addresses> ...
    Connecting to content.carbonblack.io (content.carbonblack.io)|<ip_address>|:443... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    YYYY-MM-DD hh:mm:ss ERROR 403: Forbidden.
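
The curl checks above can be scripted so that the response is compared against the expected output instead of being read by eye. The following is an added example, not part of the original article or vendor tooling. The function names and the PASS/WARN/FAIL labels are hypothetical, and treating a 403 without the MissingKey body as a possible proxy block page is an assumption.

```sh
#!/bin/sh
# Added example (not vendor code): decide whether a response from a Carbon
# Black Cloud endpoint matches the "successful" output quoted in the article.

# classify_cbc_response KIND HTTP_CODE BODY  ->  prints "PASS|WARN|FAIL reason"
classify_cbc_response() {
    kind=$1; code=$2; body=$3
    case "$kind" in
    sensor)
        # The health check must return the JSON success marker.
        case "$body" in
        *'"success":true'*) echo "PASS sensor health check returned success" ;;
        *) echo "FAIL sensor: HTTP $code without the success marker" ;;
        esac ;;
    content)
        # An unauthenticated request is expected to be refused by the backend.
        case "${code}:${body}" in
        000:*) echo "FAIL content: no HTTP response (DNS, TCP or TLS failure)" ;;
        *'<Code>MissingKey</Code>'*) echo "PASS content: backend returned MissingKey" ;;
        403:*) echo "WARN content: 403 without MissingKey, possibly a proxy block page" ;;
        *) echo "FAIL content: unexpected HTTP $code" ;;
        esac ;;
    *) echo "FAIL unknown endpoint kind: $kind"; return 2 ;;
    esac
}

# probe KIND URL: fetch URL with curl and classify what came back.
probe() {
    # -w appends the status code as the last line; curl reports 000 on failure.
    out=$(curl -s -m 10 -w '\n%{http_code}' "$2" 2>/dev/null) || true
    code=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    classify_cbc_response "$1" "${code:-000}" "$body"
}

# Network calls only happen when the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
    # Prod 05 example URL from the article; replace it for other environments.
    probe sensor  "https://dev-prod05.conferdeploy.net/services/healthCheck/"
    probe content "https://content.carbonblack.io"
fi
```

A 200 response that lacks the success marker is reported as a failure, which catches a captive portal or proxy login page answering in place of the backend.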