Cb Defense: Alerts When Document "acted as a network server"
Cb Defense Web Console: All Versions
Cb Defense Sensor: All Versions
Microsoft Windows: All Supported Versions
Apple Mac OS: All Supported Versions
Priority 3 Alert (Monitored) - "The application filename.pdf acted as a network server." with TTPs: HAS_SCRIPT_DLL, RUN_ANOTHER_APP, RUN_UNKNOWN_APP, ACTIVE_SERVER, MODIFY_PROCESS, or NETWORK_ACCESS
Alerts are created when .doc, .pdf, .xlsm, etc. files attempt to communicate over the network or establish a network connection.
Alerts continue to re-occur even if dismissed with the option "If this alert occurs in the future, automatically dismiss it from all devices" selected.
These alerts may occur when a document management server is used to pull either a document or a resource from within the document. In that case, the alert is a false positive.
These Alerts may re-occur because whenever the hash of a .pdf, .txt, .doc, etc. file changes, a new Threat ID is assigned to the Alert, and it must be reviewed and dismissed again, as described in Cb Defense: Alert ID vs. Threat ID.
There are a number of ways to reduce the "noise" within your environment, including bulk dismissal of verified false positive alerts and adjusting the priority threshold to a level that alerts you to the events that most warrant review. In this case, that means raising the threshold to level "4".
Ensure the "Group Alerts" option is always enabled when dismissing Alerts, and ensure that "If this alert occurs in the future, automatically dismiss it from all devices" is selected, as this will prevent future Alerts of this type for a specific hash.
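The following added example (not part of the original article and not Carbon Black code) sketches an offline triage pass that supports the verification step before bulk dismissal: it groups alert records by document name, shows how each hash change produced a separate Threat ID, and separates undismissed alerts whose remote address is a known document management server from those that still need review. The record field names, the sample values and the DMS_NETWORKS range are assumptions constructed for illustration, not a Cb Defense export schema.

```python
import ipaddress
from collections import defaultdict

# Assumption: address range of your document management servers (constructed value).
DMS_NETWORKS = [ipaddress.ip_network("10.20.30.0/28")]

# Constructed sample records; field names are hypothetical, not a product schema.
ALERTS = [
    {"threat_id": "T-001", "sha256": "aa11", "filename": "report.pdf",
     "remote_ip": "10.20.30.5", "dismissed": True},
    {"threat_id": "T-002", "sha256": "bb22", "filename": "report.pdf",
     "remote_ip": "10.20.30.5", "dismissed": False},
    {"threat_id": "T-003", "sha256": "cc33", "filename": "report.pdf",
     "remote_ip": "10.20.30.6", "dismissed": False},
    {"threat_id": "T-004", "sha256": "dd44", "filename": "invoice.xlsm",
     "remote_ip": "203.0.113.9", "dismissed": False},
]


def is_dms(ip):
    """True when the remote address belongs to a known document management server."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DMS_NETWORKS)


def triage(alerts):
    """Group alerts by filename and sort the undismissed ones into two buckets."""
    groups = defaultdict(lambda: {"hashes": set(), "bulk_dismiss": [], "review": []})
    for alert in alerts:
        group = groups[alert["filename"]]
        # Every edit to the document yields a new hash, hence a new Threat ID.
        group["hashes"].add(alert["sha256"])
        if alert["dismissed"]:
            continue
        # Only traffic to a known DMS is a false-positive candidate; the rest needs an analyst.
        bucket = "bulk_dismiss" if is_dms(alert["remote_ip"]) else "review"
        group[bucket].append(alert["threat_id"])
    return dict(groups)


if __name__ == "__main__":
    for name, group in triage(ALERTS).items():
        print(f"{name}: {len(group['hashes'])} hashes, "
              f"bulk-dismiss candidates {group['bulk_dismiss']}, review {group['review']}")
```

Threat IDs in the bulk-dismiss bucket are candidates only; confirm each as a false positive before dismissing it in the console.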
Another way to mitigate these false positives without compromising security would be to have the option of whitelisting by IP address. This functionality is not currently supported by Cb Defense. If you wish to see it added to the product, please up-vote the following ideas or create new one(s) based on your specific use-case(s).