App Control: Why did another security application on an endpoint block malware and the App Control agent did not?
search cancel

App Control: Why did another security application on an endpoint block malware and the App Control agent did not?

book

Article ID: 284836

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Why did another security application on an endpoint block malware and the App Control agent did not

Environment

  • App Control (formerly CB Protection) agent: All supported versions

Resolution

  • One common reason is the antivirus on the endpoint has a higher filter driver altitude than the App Control Agent and acted first 
  • The agent did not have time to act on the malware because the AV hooked and quarantined the file before the agent could scan it
  • This does not mean the App Control Agent would not have caught the malware if the the antivirus did not
  • With the proper antivirus exclusions in place the App Control agent would not scan processes from another security application on an endpoint

Additional Information

This is one explanation for one possible scenario however not the only ecplination. Agent logs will provide more information if necessary