Endpoint Standard: Repmgr.exe is detected with TTP: detected_malware_app

Article ID: 286357

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Repmgr.exe is detected as an involved process with TTP: detected_malware_app
  • The alert triage page displays the message:
      The file <application>.exe was first detected on a local disk.
      The device was on the corporate network using the public address xx.xx.xx.xx.
      The file is not signed.
      The file was accessed by the application C:\program files\confer\repmgr.exe.

Environment

  • Carbon Black Cloud console: All versions
  • Endpoint Standard Sensor: All versions

Cause


A process contains a primary application and a target application. During malware scanning, repmgr.exe is the primary application and the malware is the target application.

Resolution

The application detected as malware must be evaluated according to the organization's security standards.