Consequences of out-of-date signatures
Article ID: 290011
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What are the consequences if a sensor's AV signatures are out-of-date?
Environment
- Carbon Black Cloud: All Versions
- Endpoint Standard
Resolution
- Outdated AV Signatures will only affect the reputation during local AV scanning
- Even if a file does not have a reputation and is not present in AV Signatures, the reputation would be determined by cloud reputation which runs in parallel
- In the event a particular application does not have a reputation applied through Hash Allow Lists or IT Tools
- If the cloud reputation fails to find a reference to the hash, it will be given a Not Listed reputation, at which point, policy settings for Not Listed applications would come into play.
- If the sensor is unable to reach the back-end or find a reference for the hash, it will be given an Unknown reputation, at which point the settings in the policy for Unknown application or process would come into play.
Additional Information
The local signatures contain references to fingerprints of files considered malicious. If a file is not considered malicious, it would not appear in this list. The only files missing would be any new suspicious reputations
Feedback
Yes
No
Powered by
