ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When should I use the "Detect Anomalous Process Dlls" playbook?


Article ID: 172908


Updated On:


Endpoint Detection and Response Cloud


When should I use the "CAR-2013-10-002: Detect Anomalous Process Dlls" playbook?


This playbook is most effective across large network ranges of endpoints with a uniform base image. It still has value across smaller ranges, though it is expected that the noise/anomaly rates may vary as the environment shifts from large uniform networks to small scattered networks