App Control: Blocks Caused by Cryptomining Protection Rapid Config
Article ID: 286654
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Unexpected blocks after enabling the Cryptomining Protection Rapid Config
Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
The application is executing a command line that is included in this Rapid Config's "Command Lines to block".
Resolution
- Log in to the App Control console
- Navigate to Reports > Events
- Look for the blocks in question
- Add the column 'Rule Name' and confirm the rule is: Cryptomining Protection: Terminate Cryptomining process
- Add the column 'Command Line'
- Analyze the command line and confirm whether there is a safe command line to allow
- Add a new exclusion for this blocked command line in the 'Command Lines That Should Not Be Blocked' field
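To support the review step above when there are many blocks, the following added example (not part of the original article or of the product) groups blocked events by command line so each distinct one can be assessed once. It assumes the events were saved as CSV with 'Computer', 'Rule Name' and 'Command Line' columns; the column layout and the sample rows are constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Rule name exactly as the article says it appears in the 'Rule Name' column.
RULE = "Cryptomining Protection: Terminate Cryptomining process"

# Constructed sample rows (assumption): a real export may use other column
# names, and these command lines are placeholders, not block-list entries.
SAMPLE_CSV = """Computer,Rule Name,Command Line
HOST-A,Cryptomining Protection: Terminate Cryptomining process,"backup.exe  --job  nightly"
HOST-B,Cryptomining Protection: Terminate Cryptomining process,"backup.exe --job nightly"
HOST-A,Cryptomining Protection: Terminate Cryptomining process,"report.exe --export all"
HOST-C,Some Other Rule,"setup.exe /quiet"
"""


def summarize_blocks(csv_text, rule=RULE):
    """Return (command line, event count, computers) for events hit by `rule`.

    Whitespace is collapsed only to group near-identical entries; copy the
    exact command line from the console when creating the exclusion.
    """
    groups = defaultdict(lambda: {"events": 0, "computers": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Rule Name") or "").strip() != rule:
            continue  # block came from a different rule; out of scope here
        cmd = " ".join((row.get("Command Line") or "").split())
        if not cmd:
            continue  # nothing to review without a command line
        groups[cmd]["events"] += 1
        groups[cmd]["computers"].add((row.get("Computer") or "").strip())
    summary = [(cmd, g["events"], sorted(g["computers"]))
               for cmd, g in groups.items()]
    # Most frequent first, then alphabetical for a stable review order.
    summary.sort(key=lambda item: (-item[1], item[0]))
    return summary


if __name__ == "__main__":
    for cmd, events, computers in summarize_blocks(SAMPLE_CSV):
        print(f"{events:>4} event(s) on {len(computers)} computer(s): {cmd}")
```

Each distinct command line in the output still needs the manual safety review before it is added as an exclusion.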
Additional Information
- Cryptomining Protection Rapid Config: Reports or prevents potentially malicious behavior related to file-based cryptomining attacks.
- Minimum Agent version to use this Rapid Config is 8.0.0.