Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: What to do if an Application is Not Working Correctly But There are no Alerts or Blocks

Carbon Black Cloud: What to do if an Application is Not Working Correctly But There are no Alerts or Blocks

Environment

  • Carbon Black Cloud: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • An application isn't functioning correctly with the CB Defense sensor enabled
  • With the sensor in bypass the application operates normally

Objective

Troubleshoot potential software compatibility issues with Carbon Black Cloud

Resolution

  1. Confirm the behavior with the sensor and that there are no block alerts or events associated with the behavior in the PSC Console
    • In the Endpoints Tab find the name of the computer experiencing the issue
    • Search for the name of the application in question to pinpoint the time that the issue was occurring
    • Potentially search for related software applications that the application relies on around the time of the issue
    • Record potential process names that are being monitored by CB Defense and are affected by this issue
  2. Put the sensor in bypass and confirm that the behavior no longer exists
  3. Search UEX to confirm that no known issues and workarounds are available
  4. Test creation of a bypass rule for the specific processes which are being ran to see if this helps alleviate the issue

Additional Notes

If additional assistance is needed please open a case to contact support.

Please provide the following
  • Run procmon while reproducing the issue
  • Run procmon while the sensor is in bypass and running the application
  • Provide us the computer name and time in question so we can gather Sensor logs 

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎02-20-2019
Views:
5362
Contributors