App Control: Why did another security application on an endpoint block malware and the App Control agent did not?
book
Article ID: 284836
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Why did another security application on an endpoint block malware and the App Control agent did not
Environment
- App Control (formerly CB Protection) agent: All supported versions
Resolution
- One common reason is the antivirus on the endpoint has a higher filter driver altitude than the App Control Agent and acted first
- The agent did not have time to act on the malware because the AV hooked and quarantined the file before the agent could scan it
- This does not mean the App Control Agent would not have caught the malware if the the antivirus did not
- With the proper antivirus exclusions in place the App Control agent would not scan processes from another security application on an endpoint
Additional Information
This is one explanation for one possible scenario however not the only ecplination.
Agent logs will provide more information if necessary
Feedback
thumb_up
Yes
thumb_down
No