An application (such as anydesk.exe) is found running (has filemod and/or netconn events), even though it's been added to the Company Blacklist

• Carbon Black Cloud Sensor: All Supported Versions

• Application is installed as a service and is starting before the sensor can provide reputation to kernel to terminate it.
• Carbon Black Cloud will disable services connected to KNOWN_MALWARE , but does not currently do so for applications marked as COMPANY_BLACK_LIST

1. Confirm the application is installed as a service in Sysinfo > Software Environment > Services
2. Uninstall the application in question. Live Response can be used to do so remotely.
3. If you'd like Carbon Black Cloud to disable services marked as COMPANY_BLACK_LIST, request it via a Feature Request.