The Carbon Black Cloud sensor uses a variety of mechanisms to determine whether a network proxy is present.

If a proxy is detected (or if one is specified at install time), the sensor attempts to use that proxy. If no proxy is detected, the sensor will attempt a direct connection through port 443 or 54443.

The sensor attempts to contact the Carbon Black Cloud backend by using the following methods:

  • A statically configured proxy that is specified during sensor installation.
  • A direct connection over TCP/443.
  • Auto-detection of a proxy and proxy credentials (when applicable) from the local computer’s operating system settings.

If you cannot establish connectivity over the standard SSL port, the sensor can fail over to the alternate port, which is TCP/54443.

Note: Carbon Black Cloud sensors automatically try to detect proxy settings during initial installation. Test this detection in your environment. If the automatic proxy detection doesn’t succeed, you must include the proxy IP and port as parameters in the MSI command line during a command line installation.

If user authentication is required, the user might be prompted for credentials. This typically does not occur in environments that require proxy credentials because the sensor uses an existing configuration that avoids requiring end users to enter credentials.

Note:

Windows sensor 3.3 and later versions perform a CRL check. OCSP and CRL traffic is not handled directly by the sensor or the installer, and does not use the proxy parameters that are specified at install. This traffic requires having WinHTTP set to the proxy.

You must either disable the CRL check (see Disable CURL CRL CHECK), or configure WinHTTP to use an existing proxy server:port. You can perform the latter option in the following ways:

  • Set WinHTTP proxy information through proxy-side configuration.
  • Manually set WinHTTP proxy through a command line interface on specific machines:
    netsh winhttp set proxy <proxy>:<port>
  • Set WinHTTP on multiple machines by using Group Policy.
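
A pre-installation check for the connection paths and the WinHTTP requirement described above, as an added example that is not part of the original documentation. The $BackendHost parameter is a placeholder for your Carbon Black Cloud domain, the OS proxy lookup reflects the current user's settings rather than the sensor's own detection logic, and the WinHTTP test assumes English netsh output.

```powershell
# Added example, not vendor code. Run from an elevated or standard PowerShell prompt:
#   .\Test-SensorConnectivity.ps1 -BackendHost <your-cbc-domain>
param(
    [Parameter(Mandatory)] [string] $BackendHost,  # placeholder: your Carbon Black Cloud domain
    [int[]] $Ports = @(443, 54443)                 # standard port and alternate port
)

# Direct TCP reachability on each port (no proxy involved).
$direct = foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $BackendHost -Port $p -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = "Direct TCP/$p"; Result = $r.TcpTestSucceeded }
}

# Proxy that the operating system settings yield for the backend URL
# (current user's settings; the sensor's own auto-detection may differ).
$target   = [uri]"https://$BackendHost/"
$osProxy  = [System.Net.WebRequest]::GetSystemWebProxy()
$viaProxy = -not $osProxy.IsBypassed($target)
$proxyUri = $osProxy.GetProxy($target)

# WinHTTP proxy, which CRL and OCSP traffic depends on.
$winHttp       = (netsh winhttp show proxy | Out-String).Trim()
$winHttpDirect = $winHttp -match 'Direct access'   # assumption: English netsh output

# Emit one row per check.
$direct
[pscustomobject]@{
    Check  = 'OS proxy for backend URL'
    Result = $(if ($viaProxy) { $proxyUri.AbsoluteUri } else { 'none (direct)' })
}
[pscustomobject]@{ Check = 'WinHTTP proxy set'; Result = -not $winHttpDirect }

# No direct outbound route plus no WinHTTP proxy is the combination in which
# the CRL check described above cannot reach its distribution points.
if ($winHttpDirect -and -not ($direct.Result -contains $true)) {
    Write-Warning ('No direct route on the tested ports and WinHTTP is set to direct access. ' +
                   'CRL/OCSP lookups may fail: set the WinHTTP proxy or disable the CRL check.')
}
```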

To avoid going through a network proxy (and/or to avoid being blocked by a firewall), you might need to configure a bypass on your proxy server/firewall to allow outgoing connections from the sensor to the backend. Options for bypass configuration include the following:

  • Configure a bypass on your firewall or proxy to allow outgoing connections to your Carbon Black Cloud domain over TCP/443.
  • Configure a bypass in your firewall or proxy to allow outgoing connections to the Carbon Black Cloud alternate port TCP/54443.

Important: The host domain name for the Carbon Black Cloud backend server is included in the server’s certificate. Some network proxies and gateways might try to validate the certificate and deny the Carbon Black Cloud backend application connection because of a name mismatch between the certificate and real host name of the system that is running in AWS. If this occurs, you must configure the proxy or gateway so that it does not validate the backend server certificate. Note that you cannot access the certificate or hostname in the server’s certificate.