The crl.godaddy.com and ocsp.godaddy.com domains are used for OCSP (Online Certificate Status Protocol) and Certificate Revocation List (CRL) checks that validate a sensor's install certificate. You can disable this check.

Caution: You can disable CRL checks either during or after a sensor installation. However, disabling CRL checks can potentially open devices up to man-in-the-middle attacks if Carbon Black Cloud revokes the certificate (this has never happened), and if an attacker then leverages the revoked certificate for such an attack.

For more information about RepCLI, see Managing Sensors by using RepCLI in the User Guide.

To disable the CRL check during an initial sensor install:

Using the command line install method, add the CURL_CRL_CHECK=0 option to the install command. For example:

msiexec.exe /q /i CBDefense-setup.msi /L*vx log.txt CURL_CRL_CHECK=0

To disable CRL checks after the sensor is installed:

Procedure

  1. In the Carbon Black Cloud console, click Inventory and then click Endpoints.
  2. Select the endpoint, click Take Action, and then click Enable bypass. Confirm the action.
  3. To confirm that the endpoint is in bypass mode, run the following RepCLI command: repcli status
  4. As a best practice, create a backup of the cfg.ini file into another directory. For Windows sensor versions 3.6 and earlier, cfg.ini is located at C:\Program Files\Confer\cfg.ini. For Windows sensors 3.7 and later, cfg.ini is located at C:\ProgramData\CarbonBlack\DataFiles\cfg.ini. After you successfully complete the procedure, delete the backup file.
  5. Edit cfg.ini. Add the following parameter to the end of the file (without a trailing period): CurlCrlCheck=false
  6. Run the following RepCLI command: RepCLI updateconfig
  7. In the Carbon Black Cloud console, click Inventory and then click Endpoints.
  8. Select the endpoint, click Take Action, and then click Disable bypass. Confirm the action.
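
Because this setting removes revocation checking, it is worth being able to find the endpoints where it is in effect. The following is an added example, not part of the Carbon Black documentation: a Python check that classifies the CurlCrlCheck setting in a cfg.ini at either location named in step 4. Assumptions: the key is matched case-insensitively with optional spaces around "=", and the function names and sample text are constructed for illustration.

```python
import re
from pathlib import Path

# cfg.ini locations given in step 4 of the procedure above.
CFG_PATHS = [
    r"C:\Program Files\Confer\cfg.ini",               # Windows sensor 3.6 and earlier
    r"C:\ProgramData\CarbonBlack\DataFiles\cfg.ini",  # Windows sensor 3.7 and later
]

# Constructed sample; ExampleKey is a placeholder, not a real sensor parameter.
SAMPLE = "ExampleKey=1\r\nCurlCrlCheck=false\r\n"

# Assumption: case-insensitive key, optional whitespace around "=".
_PARAM = re.compile(r"^\s*CurlCrlCheck\s*=\s*(.*?)\s*$", re.IGNORECASE)


def crl_check_state(cfg_text):
    """Classify CurlCrlCheck in the text of one cfg.ini.

    Returns (state, hits): hits is [(line_number, raw_value), ...] and state is
    "not_set", "disabled", "conflicting" or "other".
    """
    hits = []
    lines = cfg_text.lstrip("\ufeff").splitlines()  # tolerate a BOM and CRLF
    for number, line in enumerate(lines, start=1):
        match = _PARAM.match(line)
        if match:
            hits.append((number, match.group(1)))
    values = {value.lower() for _, value in hits}
    if not values:
        state = "not_set"
    elif values == {"false"}:
        state = "disabled"
    elif "false" in values:
        state = "conflicting"  # do not guess which line the sensor honours
    else:
        state = "other"        # raw value is in hits for manual review
    return state, hits


def audit_host(paths=CFG_PATHS):
    """Classify whichever of the documented cfg.ini files exist on this machine."""
    found = [Path(p) for p in paths if Path(p).is_file()]
    return {str(p): crl_check_state(p.read_text(errors="replace")) for p in found}


if __name__ == "__main__":
    print("sample:", crl_check_state(SAMPLE))
    for path, (state, hits) in audit_host().items():
        print(f"{path}: CurlCrlCheck {state} {hits}")
```

A value copied together with the sentence's full stop (false.) is reported as "other" with its raw value, so a mistyped edit is visible rather than silently counted as disabled.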