CB Response: False Positives from Multiple Domain List (MDL) Feed
search cancel

CB Response: False Positives from Multiple Domain List (MDL) Feed

book

Article ID: 290687

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Receiving false positive from MDL feed.
  • Reports from MDL are suddenly noisy.

Environment

  • CB Response Server: All Versions
  • Multiple Domain List (MDL) feed enabled

Cause

  • The MDL website is no longer being updated, this feed has been deprecated and is scheduled to be removed on 4/1/19. 

Resolution

  1. Performing a 'Full Sync' is suggested, this will clear any reports received from the feed,
    1. Click on Threat Intelligence icon.
    2. Find MDL feed > click Actions
    3. Click on 'Full Sync'
  2. Disabling or Removing the MDL feed will have the same effect.
Powered by Wolken Software