CB Response: False Positive Alerts from Community Feed

Article ID: 287800

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Alerts from the Threat Report "Suspicious Utility Manager Process" fire on known-good utilman.exe processes
  • Alerts on utilman.exe show the file description as "Utility Manager", yet the process is still flagged in the "Monitoring Renamed Windows Accessibility programs" Threat Report:
    process_name:utilman.exe -file_desc:"Utility Manager"

Environment

  • CB Response Server: 6.2.X

Cause

Poor performance of queries with modloads in versions prior to Response Server 6.3.

Resolution

Upgrade to Response Server 6.3 or higher.

Additional Information

This was identified as: CB-14781