CB Defense: How to Delete Malicious Files through the Dashboard
search cancel

CB Defense: How to Delete Malicious Files through the Dashboard

book

Article ID: 292433

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

To delete malicious file from within the CB Defense dashboard. There are multiple ways to delete applications, from the alerts page, the investigate page and the malware removal page.

Environment

  • CB Defense PSC Console: All Versions

Resolution

 

Steps From the Alerts Page 

1. Navigate to the Alerts page.
2. Click on an Alert to select it.  The selected Alert will be highlighted in blue and tabs for Primary Process and Notes/Tags will appear.
3. Click on the Actions Dropdown button
4. Select Delete Application from the Dropdown menu. A pop-up modal window will ask you to confirm that you want to delete the selected application.  For administrative purposes, you may add a descriptive note.
5. Click on the Delete button to confirm the deletion.  The application will be deleted one time, from this device only. 
6. A message will pop up to confirm that the request to delete the application has been sent to the device.
 

From the Investigate Page

1. Navigate to the Investigate page.
2. Click on an Event associated with the application you would like to delete in order to select it.  The selected Event will be highlighted in blue and tabs for Event Timeline, Device, and Selected Application will appear.  Depending on the event you are investigating, you may also see tabs for Target Application, Parent Application, Threat, and Notes/Tags.
3. Click on the Actions Dropdown button.
4. Select Delete Application from the Dropdown menu. A pop-up modal window will ask you to confirm that you want to delete the selected application. For administrative purposes, you may add a descriptive note.
5. Click on the Delete button to confirm the deletion.  The application will be deleted one time, from this device only. 
6. A message will pop up to confirm that the request to delete the application has been sent to the device.

 

To Delete from Malware Removal Page

Please visit the article here

Additional Information

 

What Deletion Does

It only deletes files based on the specific hash requested to delete.  The sensor will also delete any copies of the hash which have already been identified by at least one of the methods listed below:

  • The hash was identified by the sensor during the background scan.
  • The hash was directly accessed after the sensor was installed.

The sensor does NOT:

  • Clean up directories
  • Clean up registry keys
  • Clean up dcom registration

To Confirm Deletion

Applications that have been deleted will appear in the Audit Log along with the Time the delete request was sent to the sensor, the IP address the request was sent from, the Administrator who sent the request, and the hash of the deleted application.

Powered by Wolken Software