Carbon Black Cloud: "Alert" Email notifications seemingly continue to be generated even though all future alerts are auto-dismissed and "suppressed".

Environment

  • Carbon Black Cloud Server: All versions
  • Carbon Black Cloud Sensor: All versions

Symptoms

  1. An initial alert is dismissed with the option checked to auto-dismiss all future versions of the alert.
  2. The admin continues to receive similar email notifications, titled "CARBON BLACK CLOUD ALERT", stating that the action that caused the initial alert has occurred again (for example, a policy block for an executable).

Cause

There are two types of email notifications: (1) one that notifies of an actual alert (which can be seen on the console's Alerts page), and (2) one that notifies that a permissions action has occurred, for example to deny/block an application. The second category does not trigger a true alert, but it does generate an email notification when a policy action has been applied, and the title of that email includes the term "ALERT", which can cause confusion. The setting for the second type is on the Settings / Notifications page of the console.

Resolution

Functioning as designed.

Creation Date: 04-10-2023