logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: Can the sensor delete a file if it's currently in use?

Cb Defense: Can the sensor delete a file if it's currently in use?

Environment

  • Cb Defense Sensor: 3.2 and later

  • Cb Defense Web Console: All Versions

  • Microsoft Windows: All Supported Versions

Question

If a file is marked for deletion in the Cb Defense console, but is currently open or in use on an endpoint, what happens to that file?

Answer

  • For Sensor Versions 3.1 and older: No
  • For Sensor 3.2 and newer: Yes

Additional Notes

  • The same information applies for the Malware Auto-Deletion feature introduced in Sensor Version 3.2.1
  • In Sensor Versions 3.1 and older, if the file is running, someone has a handle on the file, or if we do not have the permissions to delete the file, the file will not be deleted.
  • In Sensor Versions 3.2 and newer, a file marked for deletion will be deleted even if we lacked permissions, there are open handles, or the file is currently running. In the first two cases the sensor will delete the file immediately, but files already running will be deleted on reboot.

Related Content

Cb Defense: How to Delete Malicious Files through the Dashboard

Cb Defense: Can App Deletion Be Undone?

Internal Reference: DSEN-440

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
cfanion
Creation Date:
‎05-09-2018
Views:
1187
Contributors
logo