logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Cb Defense: Can the sensor delete a file if it's currently in use?

Cb Defense: Can the sensor delete a file if it's currently in use?

Environment

  • Cb Defense Sensor: 3.2 and later

  • Cb Defense Web Console: All Versions

  • Microsoft Windows: All Supported Versions

Question

If a file is marked for deletion in the Cb Defense console, but is currently open or in use on an endpoint, what happens to that file?

Answer

  • For Sensor Versions 3.1 and older: No
  • For Sensor 3.2 and newer: Yes

Additional Notes

  • The same information applies for the Malware Auto-Deletion feature introduced in Sensor Version 3.2.1
  • In Sensor Versions 3.1 and older, if the file is running, someone has a handle on the file, or if we do not have the permissions to delete the file, the file will not be deleted.
  • In Sensor Versions 3.2 and newer, a file marked for deletion will be deleted even if we lacked permissions, there are open handles, or the file is currently running. In the first two cases the sensor will delete the file immediately, but files already running will be deleted on reboot.

Related Content

Cb Defense: How to Delete Malicious Files through the Dashboard

Cb Defense: Can App Deletion Be Undone?

Internal Reference: DSEN-440

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
cfanion
Creation Date:
‎05-09-2018
Views:
1418
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.