CB Defense: Remote WMI Management Process is Prevented From Working
Article ID: 290131
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Remote WMI Process is prevented from completing task
- Console shows lots of Network related blocks from Powershell by the CB Defense Sensor
Environment
- CB Defense Sensor: 3.3.0.984
- Microsoft Windows: All Supported Versions
Cause
- Policy Rule in place for Denying Operations when applications at path *\powershell*.exe, Communicates over the Network
- As part of the Remote WMI process, it calls for Powershell to communicate over the network, and is prevented from doing so by the Policy rule noted above
Resolution
- Remove the operation attempt 'Communicates over the Network', from the Policy rule where applications at path *\powershell*.exe, Deny Operation
Feedback
Yes
No
Powered by
