Agent Generated CRL (ocrl) Traffic Does Not Follow Proxy

Article ID: 288852

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Captured netsh (scenario=InternetClient) and CAPI2 logs show this network connection being established.
  • The Agent calls CertGetCertificateChain to perform CRL checks and build the certificate chain context, which triggers a WinHTTP request to verify the revocation status.
  • WinHTTP should honor locally defined proxy settings; however, the user observes a direct OCSP connection instead of one through the designated Proxy.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

On 64-bit Windows machines there are two separate "netsh" commands (64-bit and 32-bit), each with its own settings. The Windows Agent is still a 32-bit application, and the 32-bit netsh has not been configured for the Proxy.

Resolution

Once the 32-bit netsh is called (example below) to point to the Proxy Server, OCRL calls will start following the Proxy Server settings:

C:\Windows\SysWOW64\netsh winhttp set proxy myproxy:80
C:\Windows\SysWOW64\netsh winhttp show proxy
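
To confirm whether a host has the mismatch described under Cause, the following added example (not part of the original article or the product) reads the WinHTTP proxy through both the 64-bit and the 32-bit netsh and compares them without changing any setting. The function name Get-WinHttpProxy is hypothetical, and the parsing assumes English netsh output.

```powershell
# Added example: compare the WinHTTP proxy seen by 64-bit and 32-bit processes.
# Read-only; assumes English netsh output ("Proxy Server(s)", "Direct access").

function Get-WinHttpProxy {
    param([Parameter(Mandatory)][string]$NetshPath)

    if (-not (Test-Path -LiteralPath $NetshPath)) {
        return [pscustomobject]@{ Netsh = $NetshPath; Mode = 'missing'; Proxy = $null; Bypass = $null }
    }
    $out    = & $NetshPath winhttp show proxy 2>&1 | Out-String
    $proxy  = if ($out -match 'Proxy Server\(s\)\s*:\s*(\S.*)') { $Matches[1].Trim() }
    $bypass = if ($out -match 'Bypass List\s*:\s*(\S.*)') { $Matches[1].Trim() }
    $mode   = if ($proxy) { 'proxy' } elseif ($out -match 'Direct access') { 'direct' } else { 'unknown' }
    [pscustomobject]@{ Netsh = $NetshPath; Mode = $mode; Proxy = $proxy; Bypass = $bypass }
}

if (-not [Environment]::Is64BitOperatingSystem) {
    Write-Output 'This is a 32-bit OS: there is only one netsh, so no mismatch is possible.'
    return
}

# A 32-bit shell has System32 redirected to SysWOW64, so it must use
# the Sysnative alias to reach the real 64-bit netsh.
$nativeDir = if ([Environment]::Is64BitProcess) { 'System32' } else { 'Sysnative' }
$x64 = Get-WinHttpProxy (Join-Path $env:WINDIR "$nativeDir\netsh.exe")
$x86 = Get-WinHttpProxy (Join-Path $env:WINDIR 'SysWOW64\netsh.exe')

$x64, $x86 | Format-Table Netsh, Mode, Proxy, Bypass -AutoSize

if ($x86.Mode -eq 'direct' -and $x64.Mode -eq 'proxy') {
    # The case in this article: only the 64-bit settings carry the proxy,
    # so the 32-bit Agent's revocation checks connect directly.
    Write-Warning "32-bit WinHTTP is direct while 64-bit uses '$($x64.Proxy)'."
}
elseif ($x86.Mode -ne $x64.Mode -or $x86.Proxy -ne $x64.Proxy -or $x86.Bypass -ne $x64.Bypass) {
    Write-Warning '32-bit and 64-bit WinHTTP proxy settings differ.'
}
else {
    Write-Output "32-bit and 64-bit WinHTTP settings match (mode: $($x86.Mode))."
}
```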

Additional Information

Currently the Agent does not officially support the use of a Proxy.