Prevention: Process/Endpoint Restart Recommended After Upgrading Prevention to Endpoint Standard
book
Article ID: 287842
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Prevention
Issue/Introduction
When upgrading from Prevention to Endpoint Standard, the following additional policy options will become available:
Scrapes memory of another process
Executes code from memory.
Environment
Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor + Prevention: All Supported Versions
Cause
After completing the upgrade from Prevention to Endpoint Standard, processes will not be protected by these rules until a system restart occurs:
Microsoft Windows App Hook injection into processes require these rules
Microsoft Windows App Hook does not run in Prevention
Resolution
With the upcoming backend release (0.69 August Release), to ensure all processes have the same policy options protecting them, VMware Carbon Black recommends users restart the endpoints after upgrading from Prevention to Endpoint Standard.
Additional Information
All other current and future policy rules set will continue to apply as expected with the exception of the rules noted above.