Files Show Up In Malware Deleted Tab But No Evidence Of How They Were Deleted
search cancel

Files Show Up In Malware Deleted Tab But No Evidence Of How They Were Deleted

book

Article ID: 371289

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why are files moved from Malware Detected to Malware Deleted if a deletion request was not sent from the console?

Environment

  • Carbon Black Cloud Windows Sensor: All Supported Versions

Cause

If the sensor detects that the file is no longer there it will report the file as deleted regardless of why the file was deleted

Resolution

  • Check if there is an event ID 17 in the application event log for cbdefense this will indicate if the sensor deleted it
  • If this event is not there then likely another application or user deleted the file
Powered by Wolken Software