Endpoint Standard: Why is malware_drop Not Being Caught by the Policy?

Article ID: 289413

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

There is a malware drop, but the sensor does not appear to have taken any action.

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard Sensor: All Versions

Resolution

  • This is because the sensor is monitoring the creation of the file and alerting on it.
  • The sensor will only take an action if the file with a malware reputation actually attempts to execute.

Additional Information

Policy Action: NOT_APPLIED may show up in a SIEM.
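
The following is an added example, not Broadcom or Carbon Black code: a SIEM-side triage that pairs each malware drop alert with any later execution attempt of the same file on the same device, so that a NOT_APPLIED on file creation is read as "alerted, file still on disk" rather than as a missed block. The record layout, field names (time, device, sha256, event, policy_action) and the APPLIED value are assumptions made for illustration and are not the product's schema; the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records. Field names and values are hypothetical,
# not the Carbon Black Cloud alert schema; map them to your SIEM's fields.
SAMPLE_EVENTS = [
    {"time": 100, "device": "ws-01", "sha256": "sha-A", "event": "file_create", "policy_action": "NOT_APPLIED"},
    {"time": 160, "device": "ws-01", "sha256": "sha-A", "event": "exec_attempt", "policy_action": "APPLIED"},
    {"time": 200, "device": "ws-02", "sha256": "sha-B", "event": "file_create", "policy_action": "NOT_APPLIED"},
    {"time": 300, "device": "ws-03", "sha256": "sha-C", "event": "file_create", "policy_action": "NOT_APPLIED"},
    {"time": 310, "device": "ws-03", "sha256": "sha-C", "event": "exec_attempt", "policy_action": "NOT_APPLIED"},
    {"time": 400, "device": "ws-04", "sha256": "sha-D", "event": "exec_attempt", "policy_action": "APPLIED"},
]


def triage_drops(events):
    """Classify every dropped file as never executed, blocked on execution,
    or executed with no policy action. Returns {(device, sha256): status}."""
    by_file = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_file[(ev["device"], ev["sha256"])].append(ev)

    result = {}
    for key, evs in by_file.items():
        drops = [e for e in evs if e["event"] == "file_create"]
        if not drops:
            continue  # no drop alert for this file, out of scope here
        first_drop = drops[0]["time"]
        execs = [e for e in evs
                 if e["event"] == "exec_attempt" and e["time"] >= first_drop]
        if not execs:
            # Expected for a drop: alerted on creation, nothing to block yet.
            result[key] = "dropped_not_executed"
        elif all(e["policy_action"] != "NOT_APPLIED" for e in execs):
            result[key] = "execution_blocked"
        else:
            # An execution attempt with no action applied needs a policy review.
            result[key] = "executed_without_action"
    return result


if __name__ == "__main__":
    for (device, sha256), status in triage_drops(SAMPLE_EVENTS).items():
        print(f"{device} {sha256}: {status}")
```

Files reported as dropped_not_executed are still on disk and are candidates for cleanup; executed_without_action is the case that warrants checking the policy assigned to that device.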