Increase in "Suspect_Malware" false positive reputation assignments on script files

Article ID: 380707

Updated On:

Products

  • Carbon Black Cloud Endpoint Standard
  • Carbon Black App Control
  • Carbon Black Cloud Audit and Remediation
  • Carbon Black Cloud Container
  • Carbon Black Cloud Enterprise EDR
  • Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
  • Carbon Black Cloud Workload

Issue/Introduction

There has been an increase in false positive "Suspect_Malware" reputation assignments to script files since the Carbon Black products were migrated to the Symantec Cynic backend.

Environment

  • Carbon Black Cloud Console: Current Version
  • Carbon Black App Control Server: All Supported Versions
  • Symantec Cynic Reputation Service

Cause

The Symantec Cynic team identified a class of reputation and changed the behavior for this class.

Resolution

A fix was deployed to the Symantec Cynic backend on October 28th 2024 around 9:30am ET to correct this behavior. This is NOT a retroactive fix: it only addresses script files from that point in time forward. All files that currently have a false positive reputation will need to be submitted to the Symantec submission portal for analysis.