Endpoint Standard: Why was a file drop for Known Malware not blocked?
Article ID: 285945
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Why was a file classified as Known Malware allowed to be dropped on an endpoint?
Environment
Endpoint Standard (Formerly CB Defense) Sensor: All Versions
Resolution
Sensors do not block the act of dropping a file onto disk. If the file were later executed, the sensor would handle the malware according to the sensor group's policy settings.
Additional Information
To prevent attacks from the file, keep sensors up-to-date with a recent sensor version and ensure policies take action for Known Malware applications.
Once the file is dropped, it is isolated in place based on policy actions rather than being moved to a dedicated quarantine folder.
The Endpoint Standard sensor does not remove files detected as Known Malware. Deleting the malware requires administrative intervention.
The file drop alert shows a status of Ran. This status refers to the action of dropping the file, not to the malicious file itself being executed.
Company-Banned files are treated the same way as Known Malware in this article's context.