CB Defense: False positive ransomware alerts for applications accessing disk space

Article ID: 290448


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Alert reason says 'The application attempted to access the raw disk on the device. This is potentially due to Ransomware'

Environment

  • CB Defense Sensor: 3.1.0 and above

Cause

This is a known issue, tracked under the ID DSEN-1987.

Resolution

  • If the alert is a known false positive, it can be dismissed for that device and all future devices by selecting the check box next to "If this alert occurs in the future, automatically dismiss it from all devices".