EDR Technical Bulletin
March 5, 2015
EDR Agents cannot be registered with EDR Management Console on Guardian OS 7.6.123 and later.
An issue has been identified with registration of EDR agents to an EDR Management Console that is operating on a Snap Server running Guardian OS 7.6.123 or later.
This issue is caused by the disabling of SSL 3.0 in Guardian OS 7.6.123 and it will remain disabled in all future Guardian OS releases. SSL 3.0 was disabled to address the Poodle Security vulnerability (CVE-2014-3566).
This issue is addressed in Guardian OS 7.6.125
Functionality has been added to Guardian OS 7.6.125 to temporarily enable SSL 3.0 for the purpose of registering an EDR agent. SSL 3.0 is only needed for registration of the agent and can be subsequently disabled without impacting EDR functionality.
Preparing the system:
SSL 3.0 is only necessary on the Management Console during the EDR agent registration process.
You will need to utilize SSH. Check to see that SSH is enabled by navigating to Server -> SSH
After ensuring SSH is enabled you will need to log out of the web interface and connect to your Snap Server using an SSH client.
At the SSH login prompt, connect using the admin user. The default password is admin. If you have changed the admin password in the Snap Server web interface then use that password instead.
At the CLI prompt issue the command:
sslv3 set enable=yes
After hitting return, this command will enable SSL 3.0 and restart the web interface (including EDR).
Log back into the Snap Server web interface and proceed to configure EDR. If you previously attempted to add an agent you may need to revoke that agent’s certificate. After doing so, go to the agent system and try to sync again. It should succeed at this point.
Once you have completed registration of all EDR agents you can disable SSL 3.0.
Log out of the web interface and log back into SSH on the Master Console. At the CLI prompt issue the following command:
sslv3 set enable=no
After hitting return, this command will disable SSL 3.0 and again restart the web interface (including EDR).
Log back into the web interface of the Master Console and continue to configuring your EDR jobs.
If you have any issues with this process or other questions please contact technical support.