CB Defense: Do “Blocking and Isolation – Communicates Over the Network” Rules Work for File Shares?

Environment

  • CB Defense Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

Do "Blocking and Isolation - Communicates over the network" rules work for File Shares?

Answer

The current CB Defense network rules apply only when the process specified in the rule is itself performing the network operation. If the files are served over SMB, the network task is passed to the "System" process, so the action will not be stopped.

Additional Notes

Gathering a Process Monitor (procmon) capture and looking for TCP Send/Receive operations will help determine which process is performing the network operation.
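One way to summarize such a capture once it has been saved as CSV, shown as an added example that is not part of the original article or the product. It assumes the standard Procmon CSV column names and a capture taken on the client, so the second endpoint in the Path column is the file server; the sample rows, host names and `backup_tool.exe` are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in the column layout of a Procmon CSV export.
# Host names, PIDs and "backup_tool.exe" are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","System","4","TCP Send","WS01.corp.example:49712 -> FS01.corp.example:microsoft-ds","SUCCESS","Length: 212"
"10:15:01.1200000","System","4","TCP Receive","WS01.corp.example:49712 -> FS01.corp.example:microsoft-ds","SUCCESS","Length: 1460"
"10:15:01.1300000","backup_tool.exe","5120","ReadFile","\\FS01\share\report.docx","SUCCESS","Offset: 0"
"10:15:02.0000000","backup_tool.exe","5120","TCP Send","WS01.corp.example:49800 -> 203.0.113.10:https","SUCCESS","Length: 517"
"10:15:02.5000000","System","4","TCP Send","WS01.corp.example:49712 -> FS01.corp.example:445","SUCCESS","Length: 96"
'''

# Procmon shows the service name for port 445 unless name resolution is turned off.
SMB_PORTS = {"445", "microsoft-ds"}

def tcp_ops_by_process(csv_text):
    """Count TCP Send/Receive events per (process name, PID, remote port)."""
    counts = Counter()
    # Exported files may start with a UTF-8 byte order mark; drop it if present.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Operation"] not in ("TCP Send", "TCP Receive"):
            continue
        # Path is "local:port -> remote:port" (assumed client-side capture).
        remote = row["Path"].split(" -> ")[-1]
        port = remote.rsplit(":", 1)[-1]
        counts[(row["Process Name"], row["PID"], port)] += 1
    return counts

def smb_owners(counts):
    """Names of the processes that performed the SMB network operations."""
    return sorted({proc for (proc, _pid, port) in counts if port in SMB_PORTS})

if __name__ == "__main__":
    counts = tcp_ops_by_process(SAMPLE_CSV)
    for (proc, pid, port), n in sorted(counts.items()):
        print(f"{proc:<18} pid={pid:<6} remote_port={port:<14} tcp_events={n}")
    print("SMB traffic performed by:", smb_owners(counts))
```

In the sample, `backup_tool.exe` reads a file from the share, yet every TCP event to the SMB port belongs to "System", which is why a network rule written for the application process does not match that traffic.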

Article Information

Creation Date: 04-04-2019