Carbon Black Cloud Endpoint Standard: Does The Carbon Black Cloud Sensor Capture Malicious JS File In Browser Events?
book
Article ID: 287817
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Will a Carbon Black Cloud Sensor log when JS or any other script-like files hosted on a website run in the browser?
Environment
Carbon Black Cloud Endpoint Standard Sensor: All Supported Versions
Carbon Black Cloud Web Console: All Versions
Resolution
This is currently not supported. VMware is currently investigating in expanding the sensor capability to treat the browser as a host for these scripts in a future sensor version.
Additional Information
In the event of code from a remote site trying to execute malicious actions on a Carbon Black Cloud protected endpoint, the sensor will still monitor reputation and execution of any files downloaded to the endpoint or executed locally from the browser which should mitigate direct attacks but will not prevent a phishing attack.