Environment
- Cb Defense PSC Console: All Versions
- Cb Defense Sensor: All Versions
- Microsoft Windows: All Supported Versions
Question
Why do bypassed applications and paths still show up in some Events in the Console?
Answer
It is expected that Bypassed applications and paths will still register in Events for the following reasons:
- Startup processes are logged by Sensor regardless of Policy settings
- The application may be attempting to perform actions on protected processes (such as scraping lsass.exe memory)
- The application or path is being called from an application or path which is not bypassed
Related Content