CB Defense: Ransomware attack ran despite known malware classification on an app
Article ID: 290205
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Events show the app reputation as Known Malware, but the app's operations were still able to complete.
Environment
- CB Defense Console: All Versions
- CB Defense Sensor: All Versions
Cause
The policy's Permission settings do not have a Terminate setting for Known Malware behaviors.
Resolution
Adjust the policy settings for Known Malware to terminate based on specific Operation Attempts
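One way to check an exported policy for the gap described under Cause is sketched below. It is an added example, not code from the article or from Carbon Black. The rule layout (`application`, `operation`, `action`), the operation labels and the sample policy are assumptions made for illustration, so adjust them to match your own export.

```python
# Constructed sample policy. The rule layout (application/operation/action)
# is an assumption for this example, not taken from the article.
SAMPLE_POLICY = {
    "name": "Standard",
    "rules": [
        {"application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"},
         "operation": "RUN", "action": "TERMINATE"},
        {"application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"},
         "operation": "NETWORK", "action": "DENY"},
        {"application": {"type": "REPUTATION", "value": "SUSPECT_MALWARE"},
         "operation": "RANSOM", "action": "TERMINATE"},
    ],
}

# Operation attempts to audit; hypothetical labels chosen for this example.
OPERATIONS = ("RUN", "NETWORK", "RANSOM", "CODE_INJECTION")


def known_malware_actions(policy, reputation="KNOWN_MALWARE"):
    """Map each operation to the set of actions configured for the reputation."""
    actions = {}
    for rule in policy.get("rules", []):
        app = rule.get("application") or {}
        # Skip rules that target a path or a different reputation.
        if app.get("type") != "REPUTATION" or app.get("value") != reputation:
            continue
        actions.setdefault(rule.get("operation"), set()).add(rule.get("action"))
    return actions


def missing_terminate(policy, operations=OPERATIONS):
    """Return the operations that have no Terminate rule for Known Malware,
    each mapped to whatever is configured instead."""
    configured = known_malware_actions(policy)
    gaps = {}
    for op in operations:
        acts = configured.get(op, set())
        if "TERMINATE" not in acts:
            gaps[op] = sorted(a for a in acts if a) or ["<no rule>"]
    return gaps


if __name__ == "__main__":
    for op, acts in missing_terminate(SAMPLE_POLICY).items():
        print(f"{SAMPLE_POLICY['name']}: KNOWN_MALWARE / {op}: "
              f"{', '.join(acts)} (no Terminate)")
```

Each operation it reports is a Known Malware behavior that the policy would let complete without a Terminate action, which is the condition this article describes.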