Endpoint Standard: Why is malware_drop Not Being Caught by the Policy?
Article ID: 289413
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
There is a malware drop, but the sensor does not appear to have taken any action.
Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard Sensor: All Versions
Resolution
- This is because the sensor monitors the creation of the file and alerts on it.
- The sensor only takes an action if the file with a malware reputation actually attempts to execute.
Additional Information
Policy Action: NOT_APPLIED may show up in a SIEM