Environment
- Cb Defense Web Console: All Versions
- Cb Defense Sensor: All Versions
Question
Why is a signed file that is downloaded from a trusted site blocked from running by Cb Defense and listed as KNOWN_MALWARE?
Answer
A signed file from a reputable site may be bundled with a PUP or other suspicious software.
Additional Notes
- The file name may indicate there is additional software included with the package. For example, a downloaded installer file may have a name such as "program_setup_bundled.exe".
- Some sites or vendors may include additional download links to a non-bundled version of the software.
Related Content
Cb Defense: Reputation Priority
Cb Defense: Severity, Threat Level, Target Value, Malware Types Information