CB Defense: Scripts are Blocked Based on Policy Rules Configured for Fileless Execution

Article ID: 288900

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Sensor logs show a block that occurred because a script was detected as fileless.
 

Environment

  • CB Defense PSC Sensor: 3.4.x.x and lower
  • Microsoft Windows: All supported versions

Cause

The Sensor misclassifies some script files as fileless when they are launched by a command interpreter.

Resolution

Engineering is investigating this issue; a fix will be included in a future Sensor release.

Additional Information

  • This article will be updated when a Sensor release that includes the fix is available
  • Monitor Sensor release notes for the following tracking numbers to confirm fix availability
    • DSEN-5225
    • EA-13312