Environment
- Carbon Black Cloud: All Versions
- Carbon Black Cloud Sensor: All Versions
- An application isn't functioning correctly with the CB Defense sensor enabled
- With the sensor in bypass the application operates normally
Objective
Troubleshoot potential software compatibility issues with Carbon Black Cloud
Resolution
- Confirm the behavior with the sensor and that there are no block alerts or events associated with the behavior in the PSC Console
- In the Endpoints Tab find the name of the computer experiencing the issue
- Search for the name of the application in question to pinpoint the time that the issue was occurring
- Potentially search for related software applications that the application relies on around the time of the issue
- Record potential process names that are being monitored by CB Defense and are affected by this issue
- Put the sensor in bypass and confirm that the behavior no longer exists
- Search UEX to confirm that no known issues and workarounds are available
- Test creation of a bypass rule for the specific processes which are being ran to see if this helps alleviate the issue
Additional Notes
If additional assistance is needed please open a case to contact support.
Please provide the following
- Run procmon while reproducing the issue
- Run procmon while the sensor is in bypass and running the application
- Provide us the computer name and time in question so we can gather Sensor logs
Related Content
