Carbon Black Cloud: Alerts Started to Be Generated for Injecting Code into Iexplore.exe via NtQueueApcThread Post Upgrade to Sensor Version 3.7
Article ID: 288623
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
After upgrading to or installing the new sensor version (3.7.0.1253), alerts are triggered with the following information:
The application c:\windows\explorer.exe attempted to inject code into the process "c:\program files\internet explorer\iexplore.exe", by calling the function "NtQueueApcThread". The operation was successful.
Environment
Carbon Black Cloud (Formerly PSC) Console: All Versions
Endpoint Standard (Formerly CB Defense) Sensor: 3.7.0.1253
Microsoft Windows: All Supported Versions
Cause
The cause of this issue is currently unknown and we are investigating it in the backend.
Resolution
Carbon Black is currently investigating the root cause and fix for this issue.