Endpoint Standard: What are the consequences of out-of-date signatures?
search cancel

Endpoint Standard: What are the consequences of out-of-date signatures?

book

Article ID: 290011

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What are the consequences if a sensors AV signatures are out-of-date?

Environment

  • Carbon Black Cloud: All Versions
    • Endpoint Standard

Resolution

  • Outdated AV Signatures will only affect the reputation during local AV scanning
  • Even if a file does not have a reputation and is not present in AV Signatures, the reputation would be determined by cloud reputation which runs in parallel
  • In the event a particular application does not have a reputation applied through Hash Allow Lists or IT Tools
    • If the cloud reputation fails to find a reference to the hash, it will be given a Not Listed reputation, at which point, policy settings for Not Listed applications would come into play.
    • If the sensor is unable to reach the back-end or find a reference for the hash, it will be given an Unknown reputation, at which point the settings in the policy for Unknown application or process would come into play.

Additional Information

The local signatures contain references to fingerprints of files considered malicious. If a file is not considered malicious, it would not appear in this list. The only files missing would be any new suspicious reputations