What are the Strict Validation Mode Requirements by Sensor Platform?
book
Article ID: 285732
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
A table chart listing the Strict Validation Mode Requirements by Sensor Platform.
Environment
EDR Sensor: 6.2.3 and above
Microsoft Windows: All Supported Versions
EDR Sensor: 6.2.5 and above
Apple macOS: All Supported Versions
Resolution
Requirement
macOS Sensor 6.2.5+
macOS Sensor 6.2.7+
Windows Sensor 6.2.3+
Exact certificate match
(Certificate pinning)
Yes
Yes
Yes
Expiration data
Yes
Yes
Yes
Certificate Validation Chain
-
Yes
Yes
Hostname matches
(SAN=)
* See additional notes
-
Yes
Yes
Revocation Check
-
-
-
Key Usage is Server Auth
(1.3.6.1.5.5.7.3.1)
-
Yes
Yes
Additional Information
Windows XP, Windows Vista, and Server 2003 will not support TLS certificate swap. These sensors should be using 6.1.x versions
The SAN must be different from the server FQDN and each group must have different entries. This feature uses virtual hosts, DNS does mapping is not needed, the sensor takes care of this via the host file. You can use any SAN. For example