Endpoint Standard: Blocking alerts generated for TCP connections in a policy with no network blocking rules

Article ID: 290171

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Windows application event logs show network connections blocked by Cb Defense
  • The console has alerts for blocked TCP connections under policies that have no rules to block network connections

Environment

  • Carbon Black Cloud Console
    • Endpoint Standard Sensor: All Supported Versions

Cause

The device was (or still is) in quarantine at the time of the blocks.

Resolution

This is expected behavior when a device is in quarantine. Removing the device from quarantine allows network connections to resume as normal.