EDR: Sensor Did Not Detect Hashes Flagged As Malware By Symantec Endpoint Protection
Article ID: 287279
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Symantec Endpoint Protection alerts on specific hashes in environment
- No alerts in EDR console regarding same hashes flagged by Symantec
- Reputation results show the following when reviewing hashes using ReputationBot: Alternative hash: md5: unknown Last update time: n/a CbR threat score: None
Environment
- EDR Server: 7.2.0 and Higher
- EDR Sensor: 7.1.1 and Higher
Cause
Hashes specified are not seen by EDR reputation trust/threat feeds to be able to create any alert.
Resolution
Contact Support with filenames and hashes to request the reputation of the hashes be checked against CDC.
Additional Information
Hash reputations cannot be checked manually within the EDR console.
Feedback
Yes
No
Powered by
