CB Defense: Process Terminated For Incorrect PID
Article ID: 287030
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Intermittent terminations for processes that do not match applied Policy rules and Reputations
Environment
- CB Defense PSC Sensor: 3.1 - 3.4.0.962
- Microsoft Windows: All Supported Versions
Cause
- A new process receives a recycled PID that the Sensor previously associated with another process and reputation
- The Sensor applies policy to the new process based on the previous process's reputation
Resolution
The issue is resolved with Sensor version 3.4.0.1016 and higher
Additional Information
- This issue could potentially happen to any earlier version of the Sensor based on how it handles PIDs
- Services are more likely to be affected due to reuse of PIDs for short-lived processes
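The PID reuse described under Cause can be reproduced with a small model. The following is an added example, not Carbon Black sensor code: it replays process starts against a reputation cache keyed by PID alone and against one keyed by PID plus creation time. The cache behavior (an existing entry is reused rather than re-evaluated), the process names, and the reputation labels are assumptions constructed for illustration, and the article does not state how the Sensor fix is implemented.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    start_time: int   # creation time; PID + creation time identifies one process instance
    image: str
    reputation: str   # result a fresh evaluation of this image would give (constructed label)

def by_pid(p):
    """Flawed key: a recycled PID collides with the earlier process."""
    return p.pid

def by_instance(p):
    """Safer key: a recycled PID gets its own cache entry."""
    return (p.pid, p.start_time)

def replay(starts, key):
    """Return {image: verdict}. Assumed model: a cached entry for the key is
    reused instead of re-evaluating the new process."""
    cache, verdicts = {}, {}
    for p in starts:
        rep = cache.setdefault(key(p), p.reputation)
        verdicts[p.image] = "TERMINATE" if rep == "BANNED" else "ALLOW"
    return verdicts

def misapplied(starts):
    """Images whose verdict changes once the cache key includes creation time."""
    stale, fresh = replay(starts, by_pid), replay(starts, by_instance)
    return [img for img in stale if stale[img] != fresh[img]]

# Constructed timeline: PID 4312 belongs to a banned tool, that process exits,
# and Windows later hands the same PID to a short-lived service helper.
STARTS = [
    Proc(4312, 1000, "banned_tool.exe", "BANNED"),
    Proc(5120, 1200, "updater.exe", "TRUSTED"),
    Proc(4312, 1950, "service_helper.exe", "TRUSTED"),
]

if __name__ == "__main__":
    print("PID-only key:     ", replay(STARTS, by_pid))
    print("PID + start time: ", replay(STARTS, by_instance))
    print("Wrongly terminated:", misapplied(STARTS))
```

When triaging a suspected case on an affected Sensor version, compare the creation time of the terminated process with earlier events recorded for the same PID.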