Environment
- Carbon Black Cloud(Formerly PSC) Console: All Supported Versions
- Endpoint Standard(Formerly CB Defense)
- Enterprise EDR(Formerly CB ThreatHunter)
- Workload(Formerly CB Defense for VMware + VMware AppDefense)
- Audit and Remediation(Formerly CB LiveOps)
Symptoms
Cause
By product design, this activity was incorrectly being marked with a low risk score
Resolution
A new detection has been created to raise a higher scoring alert when a user tries to export SAM registry keys
Additional Notes
The new added detection is valid for both HKLM\sam and HELM\system
Related Content