EDR: Tamper Detection Alerts Being Received When Sensors Do Not Have Tamper Detection Enabled
Article ID: 287294
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Tamper detection alerts are received in the EDR UI even though the sensors do not have Tamper Detection enabled.
Environment
- EDR Server: 7.4.0 and Higher
- EDR Sensor: 7.2.0 and Higher
Cause
The cbtamper Threat Intel Feed is enabled, which is generating the alerts shown in the EDR UI.
Resolution
Disable the cbtamper Threat Intel Feed:
- In the EDR UI, go to the "Threat Intelligence" section.
- Find the "Tamper Detection" threat intelligence feed panel.
- Uncheck the "Enabled" box to disable the feed.
Additional Information
Do not disable this feed without first discussing the ramifications with the SOC.