Environment
- Carbon Black Cloud Windows Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Symptoms
- Getting a lot of alerts for "The application notepad.exe invoked another application (notepad.exe)" or another application
- The application may show with an ADAPTIVE_WHITE_LIST reputation
Cause
This alert is normally associated with the application hash in question having a NOT_LISTED or ADAPTIVE_WHITE_LIST reputation
Resolution
If this version of the application is trusted in the environment then the hash could be added to the approved list to prevent the alert
Additional Notes
- The notepad.exe hash that this has been seen the most with is 9e858931dd750839f98edcbe90acf73aa530c7c9485ce39e26c1e21190a5a729
- Some versions of notepad.exe do have a Trusted_white_list cloud reputation and don't create this alert
Related Content