Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What are the consequences if a sensor's AV signatures are out-of-date?
Environment
Carbon Black Cloud: All Versions
Endpoint Standard
Resolution
Outdated AV Signatures will only affect the reputation during local AV scanning
Even if a file does not have a reputation and is not present in AV Signatures, the reputation would be determined by cloud reputation which runs in parallel
In the event a particular application does not have a reputation applied through Hash Allow Lists or IT Tools
If the cloud reputation fails to find a reference to the hash, it will be given a Not Listed reputation, at which point, policy settings for Not Listed applications would come into play.
If the sensor is unable to reach the back-end or find a reference for the hash, it will be given an Unknown reputation, at which point the settings in the policy for Unknown application or process would come into play.
Additional Information
The local signatures contain references to fingerprints of files considered malicious. If a file is not considered malicious, it would not appear in this list. The only files missing would be any new suspicious reputations