CB Defense: Why are Some Microsoft Office 365 Updates Blocked?

Environment

  • CB Defense Sensor: All versions
  • CB Defense PSC Console: All versions
  • Microsoft Windows: All supported versions
  • Microsoft Office 365

Question

Why are some Microsoft Office 365 updates blocked when launched through the OfficeClickToRun.exe update mechanism?

Answer

These updates may include new, unsigned files, such as ChakraCore.dll, that are open source and are initially flagged as PUPs (potentially unwanted programs).

Additional Notes

  • Since these files are unsigned and open source, the PUP reputation is initially applied
  • Initially trusting these files carries risk in case of supply chain compromise of open source software
  • Once the files are ingested into the CDC-R, the reputation should be updated

Article Information
Creation Date: 09-09-2020