Environment
- CB Defense Sensor: Version 2.x and Higher
- CB Defense Sensor UI
- CB Defense Web Console: All Versions
Symptoms
A Deny or Terminate action is not shown in the local sensor UI.
Cause
Sensor UI notifications for Network Operations (e.g., TCP or UDP connection) and API Calls (e.g., code injection, memory scrape, etc.) are not shown due to the intent of reducing pop-up fatigue.
Resolution
Search for the Deny or Terminate operation on the Investigate page within the CB Defense Web Console.
Additional Notes
- Process operations that are reported to the sensor UI include Process Create, File Actions, and Malware found by the local scanner.
- Submit a Carbon Black support case if the notification does not include Network Operations or API Calls and is, in fact, missing from the sensor UI.
Related Content