CB Defense: Do “Blocking and Isolation – Communicates Over the Network” Rules Work for File Shares?
search cancel

CB Defense: Do “Blocking and Isolation – Communicates Over the Network” Rules Work for File Shares?

book

Article ID: 288350

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Do "Blocking and Isolation - Communicates over the network" rules work for File Shares?

Environment

  • CB Defense Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

The current CB Defense network rules only apply if the process specified in the rule is performing the network operation. If the files are served up via SMB (passing network task to the "System" process) the action will not be stopped.

Additional Information

Gathering a procmon capture and looking for tcp send/receive operations will help determine what process is performing the network operation.
Powered by Wolken Software