Prevention: Process/Endpoint Restart Recommended After Upgrading Prevention to Endpoint Standard
search cancel

Prevention: Process/Endpoint Restart Recommended After Upgrading Prevention to Endpoint Standard

book

Article ID: 287842

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Prevention

Issue/Introduction

  • When upgrading from Prevention to Endpoint Standard, the following additional policy options will become available:
    • Scrapes memory of another process
    • Executes code from memory.

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor + Prevention: All Supported Versions

Cause

After completing the upgrade from Prevention to Endpoint Standard, processes will not be protected by these rules until a system restart occurs:
  • Microsoft Windows App Hook injection into processes require these rules
  • Microsoft Windows App Hook does not run in Prevention

Resolution

With the upcoming backend release (0.69 August Release), to ensure all processes have the same policy options protecting them, VMware Carbon Black recommends users restart the endpoints after upgrading from Prevention to Endpoint Standard.

Additional Information

All other current and future policy rules set will continue to apply as expected with the exception of the rules noted above.