App Control: Why is Parity.sys seen in a System process's stack trace if that file/directory is excluded via a rule?
search cancel

App Control: Why is Parity.sys seen in a System process's stack trace if that file/directory is excluded via a rule?

book

Article ID: 290092

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Why is Parity.sys seen in a System process's stack trace if that file/directory is excluded via a rule?

Environment

  • App Control Agent: All Versions
  • App Control Console: All Versions
  • App Control Server: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

It is expected that Parity.sys will touch the file/directory in an excluded folder when there is a file operation performed on that folder.
 

Additional Information

This occurs so that the console has the information it needs to match it against the existing kernel exclusions. If the path matches the exclusion then the operation is ignored and no further analysis happens.
Powered by Wolken Software