
App Control: Why did another security application on an endpoint block malware and the App Control agent did not?

Environment

  • App Control (formerly CB Protection) agent: All supported versions

Question

Why did another security application on an endpoint block malware and the App Control agent did not?

Answer

  • One common reason is that the antivirus on the endpoint has a higher filter driver altitude than the App Control agent and acted first.
  • The agent did not have time to act on the malware because the AV hooked and quarantined the file before the agent could scan it.
  • This does not mean the App Control agent would not have caught the malware if the antivirus had not.
  • With the proper antivirus exclusions in place, the App Control agent would not scan processes from another security application on an endpoint.
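
To check which filter sits higher on a given endpoint, the loaded minifilters and their altitudes can be listed with `fltmc filters` from an elevated prompt. The following is an added example, not part of the original article or of any vendor tooling, that parses such output and ranks the filters; the filter names and altitudes in the sample are constructed placeholders, not the real values of any product.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample laid out like `fltmc filters` output. Filter names and
# altitudes are placeholders, not the real values of any product.
SAMPLE = """\
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleMonitor                                   385100.5    <Legacy>
ExampleAvFilter                         4        328500         0
ExampleAppControl                       4        321200         0
ExampleBottomFilter                     4        40700          0
"""

def parse_fltmc(text):
    """Return (name, altitude) pairs; header, rule and blank lines are skipped."""
    filters = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue
        try:
            # Altitude is the second-to-last column. Rows with an empty
            # "Num Instances" column have one token fewer, so index from the right.
            altitude = Decimal(tokens[-2])
        except InvalidOperation:
            continue
        filters.append((tokens[0], altitude))
    return filters

def pre_operation_order(filters):
    """Order in which minifilters see a request on its way down the stack:
    pre-operation callbacks run from the highest altitude to the lowest."""
    return [name for name, _ in sorted(filters, key=lambda f: f[1], reverse=True)]

def acts_first(filters, name_a, name_b):
    """Return whichever of the two named filters sits higher in the stack."""
    altitudes = dict(filters)
    return name_a if altitudes[name_a] > altitudes[name_b] else name_b

if __name__ == "__main__":
    loaded = parse_fltmc(SAMPLE)
    print(" -> ".join(pre_operation_order(loaded)))
    print("acts first:", acts_first(loaded, "ExampleAvFilter", "ExampleAppControl"))
```

Altitudes are parsed as decimals rather than integers because fractional altitudes are valid and would otherwise be dropped or mis-sorted.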

Additional Notes

This is one explanation for one possible scenario; however, it is not the only explanation. Agent logs will provide more information if necessary.

Article Information
Creation Date:
‎02-18-2021