CB Defense: Scripts are Blocked Based on Policy Rules Configured for Fileless Execution
book
Article ID: 288900
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Sensor logs identify a block occurring due to detection of a fileless script
Environment
- CB Defense PSC Sensor: 3.4.x.x and lower
- Microsoft Windows: All supported versions
Cause
Sensor is misclassifying some script files as fileless when they are launched by a command interpreter
Resolution
Engineering is investigating this issue; a fix will be included in a future Sensor release
Additional Information
- This article will be updated when a Sensor is released including the fix
- Monitor Sensor release notes for the following tracking numbers to confirm fix availability
Feedback
thumb_up
Yes
thumb_down
No