CB ThreatHunter: CB Defense Blocks Occurring in CB ThreatHunter Only Org
Article ID: 288904
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Alerts for termination events or other blocks are shown in the Console
- Alerts are related so memory scraping of lsass.exe
- There are no options in Policies to configure rules
Environment
- CB ThreatHunter Console: All versions
- CB ThreatHunter PSC Sensor: All versions
Cause
There was likely in error in organization provisioning wherein CB Defense rules were not disabled
Resolution
Please open a support case so CB Defense rules can be disabled
Feedback
Yes
No
Powered by
