EDR: Sensor Did Not Detect Hashes Flagged As Malware By Symantec Endpoint Protection
Article ID: 287279
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Symantec Endpoint Protection alerts on specific hashes in the environment.
No alerts appear in the EDR console for the same hashes flagged by Symantec.
Reputation results show the following when reviewing hashes using ReputationBot:
    Alternative hash: md5: unknown
    Last update time: n/a
    CbR threat score: None
Environment
EDR Server: 7.2.0 and Higher
EDR Sensor: 7.1.1 and Higher
Cause
The specified hashes have not been seen by the EDR reputation trust/threat feeds, so no alert can be created for them.
Resolution
Contact Support with the filenames and hashes, and request that the reputation of the hashes be checked against CDC.
Additional Information
Hash reputations cannot be checked manually within the EDR console.