Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: RemoveSa31Appx.exe False Positive Alerts

Carbon Black Cloud: RemoveSa31Appx.exe False Positive Alerts

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

  • Multiple alerts: RemoveSA31Appx.exe
  • Reason: The application pcdrwi.exe invoked another application (RemoveSA31Appx.exe). A Deny Policy Action was applied 
  • Recent TTPs: 
  • pcdrwi.exe policy_denyrun_unknown_app

Answer

The reputation has been updated so these alerts should no longer occur for this instance of the file

Additional Notes

There is no need to open cases based on this, the reputation is updated. Whitelisting the hash can avoid any additional alerts going forward.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎12-20-2018
Views:
683
Contributors