Endpoint Standard: Sudden Increase in Blocking Alerts Since 23-Feb-2022
Article ID: 289628
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- POLICY_DENY is the sole TTP linked to the Alerts
- Sudden increase in Alerts since 23-Feb-2022
- The Alerts are all for blocking Events that previously did not generate Alerts
Environment
- Carbon Black Cloud Console: 24-Jan-2022 Release (v0.74.x) and Higher
- Carbon Black Cloud Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
The Carbon Black Cloud Analytics engine was updated to resolve a defect in which fewer POLICY_DENY actions were being alerted on.
Resolution
Working as designed since deployment of the fix tracked under DSER-36903.
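To check whether an alert surge fits the symptoms listed under Issue/Introduction, the following added example (not Carbon Black code) compares per-day alert rates before and after 23-Feb-2022 and measures how much of the increase comes from alerts whose only TTP is POLICY_DENY. The record layout (`create_time`, `ttps`), the `EXAMPLE_OTHER_TTP` tag, and the 90% threshold are assumptions made for illustration; map them to your own alert export.

```python
from collections import Counter
from datetime import date, datetime

CUTOFF = date(2022, 2, 23)  # date given in the article title

def _rec(ts, *ttps):
    return {"create_time": ts, "ttps": list(ttps)}

# Constructed sample records; field names are hypothetical, not a real export schema.
SAMPLE_ALERTS = [
    _rec("2022-02-21T10:00:00Z", "POLICY_DENY", "EXAMPLE_OTHER_TTP"),
    _rec("2022-02-22T11:30:00Z", "EXAMPLE_OTHER_TTP"),
    _rec("2022-02-23T09:00:00Z", "POLICY_DENY"),
    _rec("2022-02-23T09:05:00Z", "POLICY_DENY"),
    _rec("2022-02-23T13:00:00Z", "policy_deny "),  # messy casing/whitespace
    _rec("2022-02-23T15:00:00Z", "EXAMPLE_OTHER_TTP", "POLICY_DENY"),
    _rec("2022-02-24T08:00:00Z", "POLICY_DENY"),
    _rec("2022-02-24T08:10:00Z", "POLICY_DENY"),
    _rec("2022-02-24T12:00:00Z", "POLICY_DENY"),
    _rec("2022-02-24T16:00:00Z", "EXAMPLE_OTHER_TTP"),
]

def is_sole_policy_deny(alert):
    """True only when POLICY_DENY is the single TTP on the alert."""
    ttps = {t.strip().upper() for t in alert.get("ttps", []) if t.strip()}
    return ttps == {"POLICY_DENY"}

def daily_rates(alerts, cutoff=CUTOFF):
    """Mean alerts per observed day, keyed by (period, kind)."""
    counts, days = Counter(), {"before": set(), "after": set()}
    for alert in alerts:
        day = datetime.fromisoformat(alert["create_time"].replace("Z", "+00:00")).date()
        period = "after" if day >= cutoff else "before"
        kind = "sole_policy_deny" if is_sole_policy_deny(alert) else "other"
        counts[(period, kind)] += 1
        days[period].add(day)
    return {(p, k): counts[(p, k)] / len(days[p])
            for p in days if days[p] for k in ("sole_policy_deny", "other")}

def surge_matches_article(alerts, min_share=0.9):  # threshold is an assumption
    """True when at least min_share of the per-day increase is sole-POLICY_DENY alerts."""
    r = daily_rates(alerts)
    if ("before", "other") not in r or ("after", "other") not in r:
        return False  # need data on both sides of the cutoff
    sole_delta = r[("after", "sole_policy_deny")] - r[("before", "sole_policy_deny")]
    total_delta = sole_delta + r[("after", "other")] - r[("before", "other")]
    return total_delta > 0 and sole_delta / total_delta >= min_share
```

A `False` result means the growth is not confined to sole-POLICY_DENY alerts, so the increase should be triaged as normal rather than attributed to the analytics change described here.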