Carbon Black Cloud: The application [application] spawned [child application] while spoofing the parent PID of [other application]
book
Article ID: 289338
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Environment
- Carbon Black Cloud Windows Sensor: 3.9.x and Higher
Cause
This is being looked into with EA-22653
Resolution
- A workaround may be to add the parent to the Approved List
- In the specific example above adding msedge_proxy.exe to the approved list may reduce these alerts
- Please pull sensor logs and if possible reproduce the issue with procmon
Feedback
thumb_up
Yes
thumb_down
No