Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud Windows Sensor: All Supported Versions
Microsoft Windows: All Supported Versions

Symptoms

Getting a lot of alerts for "The application notepad.exe invoked another application (notepad.exe)" or another application
The application may show with an ADAPTIVE_WHITE_LIST reputation

Cause

This alert is normally associated with the application hash in question having a NOT_LISTED or ADAPTIVE_WHITE_LIST reputation

Resolution

If this version of the application is trusted in the environment then the hash could be added to the approved list to prevent the alert

Additional Notes

The notepad.exe hash that this has been seen the most with is 9e858931dd750839f98edcbe90acf73aa530c7c9485ce39e26c1e21190a5a729
Some versions of notepad.exe do have a Trusted_white_list cloud reputation and don't create this alert

Related Content

Carbon Black Cloud: How to Add a SHA256 Hash to Approved/Banned List
Carbon Black Cloud: RemoveSa31Appx.exe False Positive Alerts
Reputation Assignment

Article Information

Author:

Creation Date:

‎04-11-2023

Views:

1414

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.