Endpoint Standard: Repmgr.exe is detected with TTP: detected_malware_app
Article ID: 286357
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Repmgr.exe is detected as an involved process with TTP: detected_malware_app
The alert triage page displays the message:
The file <application>.exe was first detected on a local disk.
The device was on the corporate network using the public address xx.xx.xx.xx.
The file is not signed.
The file was accessed by the application C:\program files\confer\repmgr.exe.
Environment
Carbon Black Cloud console: All versions
Endpoint Standard Sensor: All versions
Cause
Since a process contains a primary and a target application, during malware scanning repmgr.exe is the primary application and the malware is the target application.
Resolution
The application detected as malware must be evaluated according to the organization's security standards.