System launching procexp152.sys generates alert/block
search cancel

System launching procexp152.sys generates alert/block

book

Article ID: 367690

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black Cloud Workload

Issue/Introduction

Alert/blocks are generated against procexp152.sys, executed by System user.  

Environment

  • Carbon Black Cloud Sensor: 3.9.2 Windows sensor and earlier
  • Windows:  All supported versions

Cause

Tracked as a defect: DSEN-25222.  

Resolution

Upgrade to 4.0 Windows sensor or later, where DSEN-25222 has been fixed.

Additional Information

Powered by Wolken Software