Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Defense: Node Application is Blocked Despite Permission Rules

CB Defense: Node Application is Blocked Despite Permission Rules

Environment

  • CB Defense PSC Console: All versions
  • CB Defense PSC Sensor: 3.2.x.x and lower
  • Apple macOS: All supported versions

Symptoms

  • The Node application is blocked despite the presence of path-based Permission Rules
  • The blocks are typically caused by Node accessing .jpg or Microsoft Office files and are blocked due to "Performs ransomware-like behavior" rules

Cause

This is a known issue that has been investigated and is addressed in the 3.3.2.58 Sensor (with further improvements in upcoming release 3.3.3.x)

Resolution

Upgrade Sensor to 3.3.2.58 or higher

Additional Notes

  • If full permission bypass has been granted to the Node application, a Permission rule for  "Performs ransomware-like behavior" can be used to narrow scope
  • If issues persist after upgrading Sensor to 3.3.2.58 and a Permission rule is in place, this is likely an edge-case scenario that will be addressed in the 3.3.3.x Sensor release (DSEN-2966)

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
955
Contributors