Carbon Black Cloud: Watchlist hits from "Defense Evasion - Execution from Recycle Bin" report for processes incorrectly running from $recycle.bin

Environment

  • Carbon Black Cloud Sensor: 3.7 and Below
  • Microsoft Windows: All Supported Versions

Symptoms

  • Alert Reason: Process <process_name> was detected by the report "Defense Evasion - Execution from Recycle Bin" in watchlist "Carbon Black Advanced Threats"
  • Path for event starts with 'c:\$recycle.bin'

Cause

Suspected bug with normalization - DSEN-15324

Resolution

Upgrade the sensor to the latest 3.8+ version.

Creation Date: 07-24-2022