
Endpoint Standard: Blocking alerts generated for TCP connections in a policy with no network blocking rules


Environment

  • Carbon Black Cloud Console
    • Endpoint Standard Sensor: All Supported Versions

Symptoms

  • Windows application event logs show network connections blocked by Cb Defense
  • Console has alerts for TCP connections blocked for policies that do not have rules to block network connections

Cause

The device was, or still is, in quarantine at the time of the blocks.

Resolution

This is expected behavior when a device is in quarantine. Removing the device from quarantine allows network connections to resume as normal.

Article Information
Creation Date: 07-17-2022