Cb Defense: RemoveSa31Appx.exe False Positive Alerts

Environment

  • Carbon Black Defense PSC Console: All Versions
  • Carbon Black Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

  • Multiple alerts: RemoveSA31Appx.exe
  • Reason: The application pcdrwi.exe invoked another application (RemoveSA31Appx.exe). A Deny Policy Action was applied 
  • Recent TTPs: pcdrwi.exe policy_denyrun_unknown_app

Answer

Carbon Black is currently working to resolve the reputation of the false positive. 

Additional Notes

There is no need to open cases based on this; we will update the article when the reputation is updated. You can whitelist the hash to avoid any additional alerts going forward.

Creation Date: 12-20-2018