Prevention: Process/Endpoint Restart Recommended After Upgrading Prevention to Endpoint Standard
Article ID: 287842
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Prevention
Issue/Introduction
- When upgrading from Prevention to Endpoint Standard, the following additional policy options will become available:
- Scrapes memory of another process
- Executes code from memory.
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor + Prevention: All Supported Versions
Cause
After completing the upgrade from Prevention to Endpoint Standard, processes will not be protected by these rules until a system restart occurs:
- Microsoft Windows App Hook injection into processes require these rules
- Microsoft Windows App Hook does not run in Prevention
Resolution
With the upcoming backend release (0.69 August Release), to ensure all processes have the same policy options protecting them, VMware Carbon Black recommends users restart the endpoints after upgrading from Prevention to Endpoint Standard.
Additional Information
All other current and future policy rules set will continue to apply as expected with the exception of the rules noted above.
Feedback
Yes
No
Powered by
