Environment
- App Control (formerly CB Protection) agent: All supported versions
Question
Why did another security application on an endpoint block malware and the App Control agent did not
Answer
- One common reason is the antivirus on the endpoint has a higher filter driver altitude than the App Control Agent and acted first
- The agent did not have time to act on the malware because the AV hooked and quarantined the file before the agent could scan it
- This does not mean the App Control Agent would not have caught the malware if the the antivirus did not
- With the proper antivirus exclusions in place the App Control agent would not scan processes from another security application on an endpoint
Additional Notes
This is one explanation for one possible scenario however not the only ecplination.
Agent logs will provide more information if necessary
Related Content