Access official resources from Carbon Black experts
The application <process_name> attempted to execute fileless content in order to evade inspection. A Deny policy action was applied.
reason_code:"1DED7E47-CE4C-448E-AD01-6F4AC3CE7F5D:9230D32E-4018-479E-9F88-2115BC2D181E" AND "cb:defense:tamper:policy_deny"
AND alert_id:(<alert_id_1>) OR <alert_id_2> OR ... <alert_id_n>)
alert_id:<alert_id>
reason_code:"1DED7E47-CE4C-448E-AD01-6F4AC3CE7F5D:9230D32E-4018-479E-9F88-2115BC2D181E" AND "cb:defense:tamper:policy_deny"
Example <process_name> becomes powershell.exe
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.