App Control: Blocks Caused by Cryptomining Protection Rapid Config
search cancel

App Control: Blocks Caused by Cryptomining Protection Rapid Config

book

Article ID: 286654

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Unexpected blocks after enabling the Cyrptomining Protection Rapid Config

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

The application is executing a command line which is included in this Rapid Config's "Command Lines to block"

Resolution

  1. Log into the App Control console
  2. Navigate to Reports > Events
  3. Look for the blocks in question
  4. Add the column 'Rule Name' and confirm the rule is: Cryptomining Protection: Terminate Cryptomining process
  5. Add the column 'Command Line'
  6. Analyze the command line and confirm if there is a safe command line to allow
  7. Add a new exclusion in for this blocked command line in the 'Command Lines That Should Not Be Blocked' field

Additional Information

  • Cryptomining Protection Rapid Config: Reports or prevents potentially malicious behavior related to file based cryptomining attacks.
  • Minimum Agent version to use this Rapid Config is 8.0.0.