Environment
- CB Defense PSC Console: All versions
- CB Defense PSC Sensor: 3.2.x.x and lower
- Apple macOS: All supported versions
Symptoms
- The Node application is blocked despite the presence of path-based Permission Rules
- The blocks are typically caused by Node accessing .jpg or Microsoft Office files and are blocked due to "Performs ransomware-like behavior" rules
Cause
This is a known issue that has been investigated and is addressed in the 3.3.2.58 Sensor (with further improvements in upcoming release 3.3.3.x)
Resolution
Upgrade Sensor to 3.3.2.58 or higher
Additional Notes
- If full permission bypass has been granted to the Node application, a Permission rule for "Performs ransomware-like behavior" can be used to narrow scope
- If issues persist after upgrading Sensor to 3.3.2.58 and a Permission rule is in place, this is likely an edge-case scenario that will be addressed in the 3.3.3.x Sensor release (DSEN-2966)