Why is 'malware_drop' not being caught by the sensor policy?
Article ID: 289413
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
A malware drop is reported, but the sensor does not appear to have taken any action.
Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard Sensor: All Versions
Cause
The sensor is monitoring the creation of the file and alerting on that action.
Resolution
The sensor takes an action only if the file with a malware reputation actually attempts to execute.
Additional Information
"Policy Action: NOT_APPLIED" may show up in a SIEM.