EDR: CB Banning reports blocks on MD5s that are not banned
Article ID: 291988
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- The MD5 reported as blocked does not appear in the banning list
- The process shows blocked process events with registry paths
- Converting the blocked MD5 from hex to ASCII reveals that it is actually a registry command, not a file hash
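
A triage check for the symptom above, as an added example that is not part of the original article or any vendor tooling: it compares each reported value against the banning list and, for values not on it, tests whether the 16 bytes decode to printable ASCII. The function names, verdict labels and sample values are constructed for illustration.

```python
import string

# Printable ASCII without control whitespace; a real MD5 digest almost never decodes to this.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def decode_if_text(md5_hex):
    """Return the ASCII text carried in a 32-char hex value, or None if it is not text."""
    try:
        raw = bytes.fromhex(md5_hex.strip())
    except ValueError:
        return None          # not valid hex at all
    if len(raw) != 16:
        return None          # not MD5-sized
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None          # contains bytes above 0x7f, so it looks like a digest
    return text if all(c in PRINTABLE for c in text) else None


def triage(reported, banned):
    """Classify each reported 'blocked MD5' against the banning list."""
    banned_set = {b.strip().lower() for b in banned}
    results = {}
    for value in reported:
        key = value.strip().lower()
        if key in banned_set:
            results[value] = ("banned", None)          # expected block
            continue
        text = decode_if_text(key)
        if text is not None:
            results[value] = ("not-a-hash", text)      # symptom described in this article
        else:
            results[value] = ("unlisted-hash", None)   # investigate separately
    return results


# Constructed sample data (not taken from a real sensor or banning list).
BANNED = ["d41d8cd98f00b204e9800998ecf8427e"]
REPORTED = [
    "d41d8cd98f00b204e9800998ecf8427e",   # present in the banning list
    b"HKLM\\SOFTWARE\\Mi".hex(),          # 16 bytes of a registry path reported as an MD5
    "0123456789abcdeffedcba9876543210",   # digest-like value that is not in the list
]

if __name__ == "__main__":
    for value, (verdict, text) in triage(REPORTED, BANNED).items():
        print(value, verdict, text or "")
```

A `not-a-hash` verdict matches the symptom in this article; an `unlisted-hash` verdict does not and needs its own investigation.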
Environment
- EDR Sensor: Upgrade from 6.2.3 to 7.0.x (formerly CB Response)
- Microsoft Windows: All Supported Versions
Cause
Version mismatch between cb.exe and cbk7.sys
Resolution
Upgrade to sensor version 7.1 or higher