EDR: Why Can IP Based Alerts Be Coming From Various Applications?
Article ID: 289193
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
EDR has been flagging a number of IP connections made by various browsers, applications (Outlook, googleupdate.exe, Malwarebytes), and the like, as threats.
Environment
EDR Server: All Supported Versions
Resolution
Any outbound network connection can be marked as potentially malicious if the system has not seen it before, or if the behaviour appears suspicious.
These alerts can be marked as "False Positive", which stops the same alert from being raised again.
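The "never seen this outbound connection before" rule and the false-positive resolution described above, modelled as an added example; this is not code from this KB article or from Carbon Black EDR, and the process names, IP addresses and alert logic are constructed sample values.

```python
from collections import defaultdict

# Constructed network-connection events (process, remote IP, port) for
# illustration only; documentation-range addresses, not real indicators.
EVENTS = [
    ("outlook.exe", "203.0.113.10", 443),
    ("googleupdate.exe", "203.0.113.20", 443),
    ("outlook.exe", "203.0.113.10", 443),
    ("googleupdate.exe", "203.0.113.21", 443),  # updater moved to another CDN node
    ("malwarebytes.exe", "203.0.113.30", 443),
    ("malwarebytes.exe", "203.0.113.30", 443),
]

class FirstSeenAlerter:
    """Hypothetical model of a first-seen outbound connection rule.

    An alert is raised each time a process reaches a (remote IP, port) pair
    that is not in its known-good baseline. Marking the alert as a false
    positive adds the pair to the baseline, so it is not raised again.
    """

    def __init__(self):
        self.baseline = defaultdict(set)      # process -> {(ip, port)}
        self.open_alerts = defaultdict(int)   # (process, ip, port) -> hit count

    def observe(self, process, ip, port):
        """Return the alert key if this connection alerts, else None."""
        if (ip, port) in self.baseline[process]:
            return None
        key = (process, ip, port)
        self.open_alerts[key] += 1
        return key

    def mark_false_positive(self, process, ip, port):
        """Analyst resolution: this destination is expected for the process."""
        self.baseline[process].add((ip, port))
        self.open_alerts.pop((process, ip, port), None)

def run(events):
    """Replay events, resolving the Outlook alert as a false positive, and
    return (alert keys raised in order, alerts still open at the end)."""
    alerter = FirstSeenAlerter()
    raised = []
    for process, ip, port in events:
        key = alerter.observe(process, ip, port)
        if key:
            raised.append(key)
            if process == "outlook.exe":
                alerter.mark_false_positive(process, ip, port)
    return raised, dict(alerter.open_alerts)
```

Replaying the sample shows why updaters and CDN-backed applications keep alerting: every new destination address is "unseen", while the Outlook destination, once resolved as a false positive, stays quiet on its second connection.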