CB Defense: Node Application is Blocked Despite Permission Rules
search cancel

CB Defense: Node Application is Blocked Despite Permission Rules

book

Article ID: 287032

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • The Node application is blocked despite the presence of path-based Permission Rules
  • The blocks are typically caused by Node accessing .jpg or Microsoft Office files and are blocked due to "Performs ransomware-like behavior" rules

Environment

  • CB Defense PSC Console: All versions
  • CB Defense PSC Sensor: 3.2.x.x and lower
  • Apple macOS: All supported versions

Cause

This is a known issue that has been investigated and is addressed in the 3.3.2.58 Sensor (with further improvements in upcoming release 3.3.3.x)

Resolution

Upgrade Sensor to 3.3.2.58 or higher

Additional Information

  • If full permission bypass has been granted to the Node application, a Permission rule forĀ  "Performs ransomware-like behavior" can be used to narrow scope
  • If issues persist after upgrading Sensor to 3.3.2.58 and a Permission rule is in place, this is likely an edge-case scenario that will be addressed in the 3.3.3.x Sensor release (DSEN-2966)