Cb Defense: Signed Application Information Differs Between Endpoint and PSC Console
Article ID: 292137
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- You examine an application in PSC console
- The "signed by" field in the application details do not match the details provided when you examine the security details of the file on the endpoint
Environment
- Cb Defense PSC Console: All Versions
- Cb Defense Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
- Apple MacOS: All Supported Version
Cause
- File details ( name, hash, certificate details) have changed since the file was last reported on the backend.
Resolution
- This is a temporary condition that will correct itself once the new file details are sent and ingested by the console.
- If certificate reputation is affected, please add the new certificate to the whitelist/blacklist as necessary.
Additional Information
- This can happen if an application is renamed or it's details changed on the endpoint.
- This can be typically seen if an application has been re-branded by the publisher.
Feedback
Yes
No
Powered by
