CB Defense: Why are Some Microsoft Office 365 Updates Blocked?
book
Article ID: 288923
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Why are some Microsoft Office 365 updates blocked when launched through the OfficeClickToRun.exe update mechanism?
Environment
- CB Defense Sensor: All versions
- CB Defense PSC Console: All versions
- Micorosft Windows: All supported versions
- Microsoft Office 365
Resolution
These updates may include unsigned, new files such as ChakraCore.dll that are open source and initially flagged as PUPs
Additional Information
- Since these files are unsigned and open source, the PUP reputation is initially applied
- Initially trusting these files carries risk in case of supply chain compromise of open source software
- Once the files are ingested into the CDC-R, the reputation should be updated
Feedback
thumb_up
Yes
thumb_down
No