All Products: How To Check Filter Level Drivers and Elevation
Article ID: 289269
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
Check to see what drivers are installed and their elevations to determine if one security software is detecting an event before another
Environment
- Microsoft Windows: All Supported Versions
Resolution
- Run CMD as Administrator
- FLTMC filters
- Each filter level driver will be listed with its elevation
- Lower elevations will see an event before higher elevations
- If a file is deleted by a lower level elevation driver then a higher elevation driver may not see that file
Feedback
Yes
No
Powered by
