CB Defense: Why didn't the sensor catch ransomware simulation tests?
Article ID: 290110
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Why didn't the sensor terminate tests run by ransomware simulators?
Environment
CB Defense Sensor: All Versions
CB Defense Console: All Versions
Resolution
Many ransomware simulators run in an isolated folder created by the simulation rather than touching true user files. CB Defense will log updates to these files, but will not consider the activity ransomware until an actual user file is touched.