
Carbon Black Cloud: Large Quantity of Alerts Due to Process Injection Via Hollowing


Environment

  • Carbon Black Cloud Sensor: 3.9.0.2012
  • Microsoft Windows: All Supported Versions

Symptoms

A large quantity of alerts in the console report process injection via hollowing, triggered by the rule "Report Process Hollowing".

Console alert example:

The application xxx.exe injected code into another process (xxx.dll) via hollowing.

Cause

This is a known issue (DSEN-20840), which has been fixed in 3.9.1.2464.
Additional alerts with this same message are also being worked on in DSEN-22991, which will be fixed in 3.9 MR2 once available.

Resolution

Upgrade to the 3.9.1.2464 Maintenance Release or greater, once available.

Article Information
Creation Date: 01-13-2023