Increase in "Suspect_Malware" false positive reputation assignments on script files
Article ID: 380707
Products
Carbon Black Cloud Endpoint Standard
Carbon Black App Control
Carbon Black Cloud Audit and Remediation
Carbon Black Cloud Container
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Carbon Black Cloud Workload
Issue/Introduction
There has been an increase in false positive "Suspect_Malware" reputation assignments to script files since the Carbon Black products were migrated to the Symantec Cynic backend.
Environment
Carbon Black Cloud Console: Current Version
Carbon Black App Control Server: All Supported Versions
Symantec Cynic Reputation Service
Cause
A class of reputation has been identified by the Symantec Cynic team, who changed the behavior for this class.
Resolution
A fix was deployed to the Symantec Cynic backend on October 28th, 2024, at around 9:30 AM ET to correct this behavior. This is NOT a retroactive fix and will only address script files from that point in time forward. All files currently affected by a false positive reputation will need to be submitted to the Symantec submission portal for analysis.