EDR: Why Can IP Based Alerts Be Coming From Various Applications?
Article ID: 289193
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
EDR has been flagging a number of IP connections made by various browsers, applications (Outlook, googleupdate.exe, Malwarebytes), and the like, as threats.
Environment
EDR Server: All Supported Versions
Resolution
- Any outbound net connection can be marked as potentially malicious if the system has not seen it before, or if the behavior appears suspicious.
- These alerts can be marked as "False Positive" and this will stop the alert coming up again.
Feedback
Yes
No
Powered by
