CB Response: False Positive Alerts from Community Feed
search cancel

CB Response: False Positive Alerts from Community Feed

book

Article ID: 287800

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Alerts from Threat Report "Suspicious Utility Manager Process" are known good utilman.exe processes
  • Alerts on utilman.exe shows the file description as "Utility Manager" and is still being flagged in┬áthe "Monitoring Renamed Windows Accessibility programs" Threat Report:
    process_name:utilman.exe -file_desc:"Utility Manager"

Environment

  • CB Response Server: 6.2.X

Cause

Poor performance of queries with modloads in versions prior to Response Server 6.3.

Resolution

Upgrade to Response Server 6.3 or higher.

Additional Information

This was identified as: CB-14781