Cb Defense: Why is a signed file from a trusted site flagged as KNOWN_MALWARE?

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: All Versions

Question

Why is a signed file that is downloaded from a trusted site blocked from running by Cb Defense and listed as KNOWN_MALWARE?

Answer

A signed file from a reputable site may be bundled with a PUP (potentially unwanted program) or other suspicious software.

Additional Notes

  • The file name may indicate there is additional software included with the package. For example, a downloaded installer file may have a name such as "program_setup_bundled.exe".
  • Some sites or vendors may include additional download links to a non-bundled version of the software.

Related Content

Cb Defense: Reputation Priority

Cb Defense: Severity, Threat Level, Target Value, Malware Types Information

Creation Date: 08-13-2018