CB Defense: Ransomware attack ran despite known malware classification on an app
Article ID: 290205
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Events show the app reputation as Known Malware, but were able to complete
Environment
- CB Defense Console: All Versions
- CB Defense Sensor: All Versions
Cause
Policy Permission settings do not have a Terminate setting for Known Malware behaviors
Resolution
Adjust the policy settings for Known Malware to terminate based on specific Operation Attempts
Feedback
Yes
No
Powered by
