Issue
After upgrading from 3.5.0.1523 to 3.7.0.1503 a few users were no longer authorized by Globalprotect to gain VPN access.
Environment
Carbon Black cloud EDR Standard
Resolution
The new version of Palo Alto Globalprotect VPN includes two main executables:
- C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
- C:\program files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe
Adding the path to the allowed applications in Carbon Black cloud should be able to complete the VPN communications. Also make sure that Palo Alto Globalprotect has Carbon Black as a valid AV provider and 'Real time protection' is on for the version of the sensor you are using.
Cause
Palo Alto Globalprotect was not allow in Carbon Black cloud after the update. As well as Carbon Black was not configure as an active AV provider in Globalprotect. Causing the binaries to scanned and stopped by the sensor.
Reference: