Carbon Black Cloud: Subsequent blocked events on the same hash do not show up in the console

Environment

  • Carbon Black Cloud: All versions

Symptoms

  • Subsequent blocked events on the same hash do not show up in the console
  • Multiple attempts made to execute the same binary in a short timeframe
  • Binary was blocked from execution due to blocking rules configured on the policy
  • Sensor logs show the following message:
INFO UiMsgObj::AddThreat: Same threat () on the same file (C:\windows\syswow64\windowspowershell\v1.0\powershell.exe) was reported less than 0 D 0 H 30 M 0.0 S ago. Suppress UI Msg

 

Cause

Events are suppressed by the sensor's internal event suppression logic.

Resolution

This is expected behavior: because the same threat for the same file was reported less than 30 minutes apart, no events were sent to the console.



 

Article Information
Creation Date: 10-14-2021