EDR: Why Can IP Based Alerts Be Coming From Various Applications?

Article ID: 289193

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

EDR has been flagging a number of IP connections made by various browsers, applications (Outlook, googleupdate.exe, Malwarebytes), and the like, as threats.

Environment

EDR Server: All Supported Versions

Resolution

  • Any outbound network connection can be marked as potentially malicious if the system has not seen it before, or if the behavior appears suspicious.
  • These alerts can be marked as "False Positive", which stops the alert from coming up again.