Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Protection: Local State of Banned Remains After Removing Global Ban

Cb Protection: Local State of Banned Remains After Removing Global Ban

Environment

  • Cb Protection Agent: 7.x & 8.x
  • Cb Protection Server: 7.x & 8.x

Symptoms

  • File was marked as Globally Banned
  • Global Ban was then removed from the file
  • File has a Local State of Banned

Cause

Files that are globally banned, then executed on the endpoints, will receive a local state of banned. This state is only checked upon execution, so removing the Global Ban from the console does not immediately remove the local state of banned.

Resolution

After removing the global ban, the local state will persist until the file is executed again on the endpoint. At that time of execution, the agent will see the global ban has been removed, reverse the local state of banned, and will then allow the file to execute.

Additional Notes

Even though the file has a local state of banned, if the global removal has been removed from the console, and the local machine's agent has successfully checked in to the console since the removal of the global ban, then the agent should not block the file on the next execution.

Related Content

Globally approved files are blocked

After approving banned file, banned state persists

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎07-26-2018
Views:
1190
Contributors