CB Response: Tamper Alerts Triggering When Option To Create Alerts Is Unchecked
search cancel

CB Response: Tamper Alerts Triggering When Option To Create Alerts Is Unchecked

book

Article ID: 287151

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Tamper alerts are being triggered from a watchlist created from the CB Tamper Detection Threat Intel Feed, however the option to create alerts on the watchlist is not checked.

Environment

  • CB Response Server: 6.4.1

Cause

Related to known issue with updating watchlists: CB-27880.

Resolution

  • Delete watchlist created from CB Tamper Detection Threat Intel Feed.
  • Recreate watchlist from CB Tampert Detection Threat Intel Feed.
Powered by Wolken Software