
Cb Defense: Understanding "repmgr" or "Cb Defense" related blocking events



Cb Defense - All Sensor Versions


You observe "repmgr" or "Cb Defense" related events being blocked with no bad reputation or related policy rule to explain the block.


Some actions taken against "repmgr" or "Cb Defense" (e.g. opening the process) can be blocked with no obvious cause in reputation or policy rules, yet the event carries "POLICY_DENY" or "POLICY_TERMINATE" TTPs.




These blocking actions are caused by the Cb Defense sensor's built-in Tamper Protection (also known as "Self-protection"). To provide full protection to your systems, Cb Defense sensors block all kinds of actions, such as accessing, modifying or deleting, against Cb Defense related services and processes. This blocking is enforced by design and is presented in the dashboard as a blocking event with policy action TTPs, even though the block was triggered by the sensor's self-protection rather than by a policy action.


Since this is a normal protection feature, it is safe to ignore such blocking events if they don't affect your daily work. If they do, please Create a Case in The Community for further assistance.

Related Content

Cb Defense: How to Find Policy Actions in Dashboard

Cb Defense: How to set up exclusions for AV products
