Carbon Black Cloud: Do TAU-TIN Hashes Need to be Manually Banned?
Article ID: 289367
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Do Known_Malware hash IOCs from TAU-TIN reports need to be banned, or should the CDC reputation be known_malware already?
Environment
- Carbon Black Cloud: All Supported Versions
Resolution
- IOCs within TAU-TIN reports should already have had their online reputation updated to known_malware (if that is what the IOC was listed as)
- Depending on the policy settings, it may not be necessary to manually ban the IOCs to prevent them from running
Additional Information
- Company_banned reputation has a higher priority than known_malware and has a different policy setting
- If a TAU-TIN IOC is listed but the backend reputation doesn't appear to match, please reach out, as this may be in error