Carbon Black Cloud: Policy Deny for process which does not appear to meet policy rules

Environment

  • Carbon Black Cloud Sensor

Symptoms

  • Process blocked with Policy Deny TTP
  • Process blocked does not appear to match any of the policy blocking rules

Cause

The command line of the blocked process shows it executing a process that is subject to a policy blocking rule.

Resolution

This behavior is expected based on the policy rules. If the block is not desired, modify the policy actions either to allow the process initiating the command to be ignored or to remove the blocking rule.

Article Information
Creation Date: 07-17-2022