Endpoint Standard: 9th February 2021: Microsoft Office temp files being identified as Potential Malware.


Article ID: 291016


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • On the 9th of February 2021, Microsoft Office temporary files started being blocked.
  • These files were alerted in the console as 'Potential Malware'. 
  • This issue is affecting a small subset of customers.

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard Sensor: 3.6.0.1897 and above
  • Microsoft Windows: All Supported Versions
  • Microsoft Office

Cause

This issue is related to an AMSI rules rollout that took place on 9th February 2021.

Resolution

  • The rules have been rolled back as of 11th February 2021 around 6pm ET.
  • If blocking continues:
    1. Capture a Procmon log and all files outlined in https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Collect-Process-Monitor-Logs-Windows/ta-p/66177
    2. Open a case with Carbon Black Technical Support