Carbon Black Cloud: Signed Files Blocked by CBC sensor Due to Unknown Reputation
Article ID: 288912
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Newly dropped files are blocked due to sharing violations when the Sensor attempts to extract signature information
- The sensor does not retry the certificate check and applies an Unknown reputation
- If no other reputation source (such as Cloud) provides a better reputation, the process starts with the Unknown reputation and may be blocked
Environment
- Carbon Black Cloud Console: All versions
- Carbon Black Cloud Sensor: 3.4.x.x
- Microsoft Windows: All supported versions
Cause
This is a known issue currently under investigation
Resolution
- This issue will be addressed in a future sensor release
- This article will be updated when the fix is available
Additional Information
- Enabling "Delay Execute For Cloud Scan" will help prevent these blocks because the Sensor is more likely to obtain a Cloud reputation
- Offline Sensors and Sensor with connectivity issues may be more prone to these blocks due to inability to obtain a Cloud reputation
Feedback
Yes
No
Powered by
