Carbon Black Cloud: Alerts Started to Be Generated for Injecting Code into Iexplore.exe via NtQueueApcThread Post Upgrade to Sensor Version 3.7

Article ID: 288623

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

After upgrading to or installing the new sensor version (3.7.0.1253), alerts are triggered with the following information:
 
The application c:\windows\explorer.exe attempted to inject code into the process "c:\program files\internet explorer\iexplore.exe", by calling the function "NtQueueApcThread". The operation was successful.

 

Environment

  • Carbon Black Cloud (Formerly PSC) Console: All Versions
  • Endpoint Standard (Formerly CB Defense) Sensor: 3.7.0.1253
  • Microsoft Windows: All Supported Versions

Cause

The cause of this issue is currently unknown and we are investigating it in the backend.

Resolution

Carbon Black is currently investigating the root cause and fix for this issue.