ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When should I use the "Detect Anomalous Process Dlls" playbook?

book

Article ID: 172908

calendar_today

Updated On:

Products

Endpoint Detection and Response Cloud

Issue/Introduction

When should I use the "CAR-2013-10-002: Detect Anomalous Process Dlls" playbook?

Resolution

This playbook is most effective across large network ranges of endpoints with a uniform base image. It still has value across smaller ranges, though it is expected that the noise/anomaly rates may vary as the environment shifts from large uniform networks to small scattered networks