Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Sensor Interop Issue With Caliper Maptitude

Carbon Black Cloud: Sensor Interop Issue With Caliper Maptitude

Environment

  • Carbon Black Cloud Console
  • Carbon Black Cloud Sensor: All Supported Versions
  • Caliper Maptitude

Symptoms

  • Maptitude application crashes upon launch when the sensor is active.
  • Maptitude functions normally when the sensor is in Bypass.

Cause

Interop issue between Maptitude and Carbon Black Cloud Sensor.

Resolution

Create a policy permission rule to Allow Maptitude: 
  1. Identify the paths that are being affected or blocked by the sensor. The paths should be related to SSCProt.exe and KeyActivateWizard.exe.
  2. Log in to the Carbon Black Cloud Console.
  3. Navigate to Enforce > Policies > Relevant Policy > Prevention.
  4. In the Permissions section, click "Add file path" and add the File paths that were identified in Step 1.
    <pathto>\SSCProt.exe
    <pathto>\KeyActivateWizard.exe
    Note: Wildcards allow the path to be more dynamic however more specific paths may increase security posture. 
  5. For the Operation Attempt > Performs any API Operation > enable: Bypass.
  6. Confirm the changes made.
  7. Save the policy changes.

 


Additional Notes

  • Allow listing and path exclusions are also suggested by Caliper for Maptitude found here.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎03-04-2021
Views:
512
Contributors