Increase in "Suspect_Malware" false positive reputation assignments on script files
Article ID: 380707
Updated On:
Products
Carbon Black Cloud Endpoint Standard
Carbon Black App Control
Carbon Black Cloud Audit and Remediation
Carbon Black Cloud Container
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Carbon Black Cloud Workload
Issue/Introduction
There have been an increase in false positive "Suspect_Malware" reputation assignments to script files since the Carbon Black products were migrated to the Symantec Cynic backend.
Environment
- Carbon Black Cloud Console: Current Version
- Carbon Black App Control Server: All Supported Versions
- Symantec Cynic Reputation Service
Cause
A class of reputation has been identified by the Symantec Cynic team, who changed the behavior for this class.
Resolution
A fix was deployed to the Symantec Cynic backend on October 28th 2024 around 9:30am ET to correct this behavior. This is NOT a retroactive fix and will only address script files from that point in time forward. All currently affected false positive reputation files will need to be submitted to the Symantec submission portal for analysis.
Feedback
Yes
No
Powered by
