How to Adjust CRL checking for Best Effort

Article ID: 285006


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Use these steps in situations where a CRL check is not possible, not needed, or not desired. These instructions tell the sensor to ignore any communication issues that are not certificate failures based on revocation. In those situations, it will proceed anyway.

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: 3.8.0.722 and higher
  • Microsoft Windows: All Supported Versions

Resolution

Options:

  1. During the unattended install or upgrade of the CB Defense Sensor, add the following parameter:
    CURL_CRL_REVOKE_BEST_EFFORT=1
    1. Refer to the unattended installations KB for additional variables and command line options.
  2. Edit the Config file
    1. Place the sensor in Bypass mode.
    2. Locate the cfg.ini file on the endpoint.
    3. Edit the cfg.ini file and add:
      CurlCrlRevokeBestEffort=1
    4. Save and close cfg.ini.
    5. Load the changes:
      "C:\Program Files\Confer\RepCLI.exe" updateconfig
    6. Bring the Sensor out of Bypass.
    7. Check web Console for normal sensor communications, like check-ins and events.
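
The cfg.ini option above as a PowerShell script that reports the current value and, with -Apply, sets it idempotently and reloads the configuration. This is an added example, not vendor code; the -CfgPath parameter (the article does not give the file's location), the flat key=value layout of cfg.ini, and the script's function names are assumptions.

```powershell
# Added example (not vendor code). Assumptions: cfg.ini is flat key=value text in the
# system's ANSI encoding, and -CfgPath is supplied by the operator.
# Run elevated, with the sensor already placed in Bypass mode (step 2.1).
param(
    [Parameter(Mandatory)] [string] $CfgPath,
    [string] $RepCli = 'C:\Program Files\Confer\RepCLI.exe',
    [switch] $Apply   # without -Apply the script only audits
)

$key     = 'CurlCrlRevokeBestEffort'
$pattern = '^\s*' + [regex]::Escape($key) + '\s*=\s*(.*?)\s*$'

function Get-BestEffortValue([string[]] $Lines) {
    # Value of the last matching line, or $null when the key is absent.
    $value = $null
    foreach ($line in $Lines) {
        if ($line -match $pattern) { $value = $Matches[1] }
    }
    return $value
}

function Set-BestEffort([string[]] $Lines) {
    # Drop every existing occurrence, then append one canonical line.
    $kept = @($Lines | Where-Object { $_ -notmatch $pattern })
    return $kept + "$key=1"
}

$lines   = @(Get-Content -LiteralPath $CfgPath)
$current = Get-BestEffortValue $lines
$shown   = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output ("{0}: {1}={2}" -f $env:COMPUTERNAME, $key, $shown)

if ($Apply -and $current -ne '1') {
    Copy-Item -LiteralPath $CfgPath -Destination "$CfgPath.bak" -Force   # rollback copy
    Set-Content -LiteralPath $CfgPath -Value (Set-BestEffort $lines)
    & $RepCli updateconfig                                              # step 2.5
    if ($LASTEXITCODE -ne 0) { throw "RepCLI updateconfig exited with $LASTEXITCODE" }
    Write-Output "$key=1 written; bring the sensor out of Bypass and confirm check-ins in the console."
}
```

Run without -Apply across endpoints to inventory where revocation checking has been relaxed to best effort.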


 

Additional Information

The command line addition will add the following line to the cfg.ini file:

CurlCrlRevokeBestEffort=1

This leaves the Sensor enabled with CRL checking set to best effort: sensor communication continues if the CRL distribution point is unreachable.

WARNING:
  For additional information, see the KB article "What are some concerns with disabling the CRL check within the Sensor?"