Environment
- Carbon Black Cloud: All versions
Symptoms
- Subsequent blocked events on the same hash do not show up in the console
- Multiple attempts made to execute the same binary in a short timeframe
- Binary was blocked from execution due to blocking rules configured on the policy
- Sensor logs show following message:
INFO UiMsgObj::AddThreat: Same threat () on the same file (C:\windows\syswow64\windowspowershell\v1.0\powershell.exe) was reported less than 0 D 0 H 30 M 0.0 S ago. Suppress UI Msg
Cause
Events suppressed due to sensor's internal event suppression logic
Resolution
This is an expected behavior as the same the same threat for the same file was reported less than 30 Minutes apart, no events were sent to the console.