Cb Defense: Why do Events in Console Include Bypassed Application Paths?

Environment

  • Cb Defense PSC Console: All Versions
  • Cb Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

Why do bypassed applications and paths still show up in some Events in the Console?

Answer

Bypassed applications and paths are expected to still register in Events for the following reasons:
  • Startup processes are logged by the Sensor regardless of Policy settings
  • The application may be attempting to perform actions on protected processes (such as scraping lsass.exe memory)
  • The application or path is being called from an application or path that is not bypassed

Article Information
Creation Date: 12-21-2018