Managing Sensor CRL Check Configurations

Article ID: 285006

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

This article outlines the various configurations that can be used to control the CRL (Certificate Revocation List) checks that the sensor performs.

Note:

  • The benefit of the CRL check is that it automatically prevents the sensor from communicating with the CBC backend in the exceptional situation that the CBC certificate is revoked.
  • Disabling the CRL check could be leveraged for a man-in-the-middle attack if a sensor/backend communication certificate is revoked.

Environment

  • Carbon Black Cloud Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

Available Configurations

CURL_CRL_CHECK

  • When CURL_CRL_CHECK=0 is set, CRL validation is skipped altogether.

CURL_CRL_REVOKE_BEST_EFFORT

  • When CURL_CRL_REVOKE_BEST_EFFORT=1 is set, the sensor will make a best effort attempt to verify the SSL certificate but will not reject the connection if revocation information can't be obtained due to firewall or other network restrictions.

Configuration At Install

During an unattended install or upgrade of the CB Defense Sensor, add one of the following parameters to the MSI command:

CURL_CRL_REVOKE_BEST_EFFORT=1
OR
CURL_CRL_CHECK=0

Example:
msiexec /q /i "C:\Users\UserFolderName\Desktop\installer_vista_win7_win8-64-4.1.0.5463.msi" /L*v log.txt COMPANY_CODE=EnterCompanyCodeHere CLI_USER=EnterSidHere CURL_CRL_REVOKE_BEST_EFFORT=1

Configuration Post Install

  1. Place the sensor in Bypass mode.
  2. Locate the cfg.ini file on the endpoint.
  3. Edit the cfg.ini file and add one of the following settings:
    CurlCrlRevokeBestEffort=1
    -- this is the same as CURL_CRL_REVOKE_BEST_EFFORT=1

    OR

    CurlCrlCheck=false
    -- this is the same as CURL_CRL_CHECK=0
  4. Save and close cfg.ini.
  5. Load the changes:
    "C:\Program Files\Confer\RepCLI.exe" updateconfig
  6. Bring the sensor out of Bypass mode.
  7. Check the web console for normal sensor communications, such as check-ins and events.
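
Because both settings weaken revocation checking, it helps to be able to confirm which endpoints carry them. The following PowerShell is an added example, not vendor code: it classifies the CRL posture from the contents of a cfg.ini using only the two keys named above. It assumes that an absent key means the sensor's normal CRL check applies, that "0" and "true" are accepted alongside the "false" and "1" values shown in this article, and that the last occurrence of a key wins; the sample lines and the ExampleOtherSetting key are constructed.

```powershell
# Added example (not vendor code): report whether a cfg.ini leaves CRL
# checking enforced, relaxed to best effort, or disabled.
function Get-SensorCrlPosture {
    param(
        # cfg.ini content, one element per line (for example from Get-Content).
        [string[]]$Line = @()
    )

    $settings = @{}   # PowerShell hashtables compare string keys case-insensitively
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        # Skip blanks, comments and section headers (assumed INI conventions).
        if ($text -eq '' -or $text -match '^[;#\[]') { continue }
        $name, $value = $text -split '=', 2
        if ($null -eq $value) { continue }          # no '=' on this line
        $settings[$name.Trim()] = $value.Trim()     # assumption: last occurrence wins
    }

    $check      = $settings['CurlCrlCheck']
    $bestEffort = $settings['CurlCrlRevokeBestEffort']

    # 'false' and '1' are the forms shown in the article; '0' and 'true' are assumptions.
    if ($check -in 'false', '0') {
        $posture = 'Disabled'      # CRL validation skipped altogether
    } elseif ($bestEffort -in '1', 'true') {
        $posture = 'BestEffort'    # connection allowed when revocation data is unreachable
    } else {
        $posture = 'Enforced'      # assumption: default behaviour when neither key is set
    }

    [pscustomobject]@{
        Posture                 = $posture
        CurlCrlCheck            = $check
        CurlCrlRevokeBestEffort = $bestEffort
    }
}

# Constructed sample contents; ExampleOtherSetting is a made-up placeholder key.
$samples = [ordered]@{
    'default'     = @('ExampleOtherSetting=abc')
    'best-effort' = @('ExampleOtherSetting=abc', 'CurlCrlRevokeBestEffort=1')
    'disabled'    = @('CurlCrlRevokeBestEffort=1', 'CurlCrlCheck=false')
}
foreach ($label in $samples.Keys) {
    $result = Get-SensorCrlPosture -Line $samples[$label]
    '{0,-12} -> {1}' -f $label, $result.Posture
}
```

On an endpoint, pass the file's lines instead of the samples, for example `Get-SensorCrlPosture -Line (Get-Content -LiteralPath $PathToCfgIni)`, where `$PathToCfgIni` is a placeholder for wherever cfg.ini is located on that system.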