After upgrading from 184.108.40.2063 to 220.127.116.113 a few users were no longer authorized by Globalprotect to gain VPN access.
Carbon Black cloud EDR Standard
The new version of Palo Alto Globalprotect VPN includes two main executables:
- C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
- C:\program files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe
Adding the path to the allowed applications in Carbon Black cloud should be able to complete the VPN communications. Also make sure that Palo Alto Globalprotect has Carbon Black as a valid AV provider and 'Real time protection' is on for the version of the sensor you are using.
Palo Alto Globalprotect was not allow in Carbon Black cloud after the update. As well as Carbon Black was not configure as an active AV provider in Globalprotect. Causing the binaries to scanned and stopped by the sensor.