CBC: Why is the CVE Still Showing After Deploying the Patch?
search cancel

CBC: Why is the CVE Still Showing After Deploying the Patch?


Article ID: 287645


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


The patch for the CVE was deployed; Why is it still showing?


  • Carbon Black Cloud:  All Products


Troubleshooting steps for Windows endpoints:
     1.  Navigate to the specific CVE.   For example:
     2.  If a patch is available, then it should be linked from that site.  Continuing with the example: 
      3.  Locate the OS and KB required to resolve. 
      4.  On the impacted system type:  (KB case sensitive)
dism /online /get-packages | findstr KB2894856

     5.  If the KB is not listed, then it may not be installed and should be installed.

  • Some KB's are included in rollups and may not be searchable the same way;  May require further investigation.

     6.  If the patch was installed, then determine if the Console has had enough time to update the sensor status.

Use Live Query to pull the patch information.

     7.  Please open a CB Support case if Live Query is working, CBC has had time to scan, and the CBC Console continues to report the impacted machine is vulnerable.