Environment
- Carbon Black Cloud console: All versions
- Endpoint Standard Sensor: All versions
Symptoms
- Repmgr.exe is detected as an involved process with TTP: detected_malware_app
- The alert triage page displays the message:
The file <application>.exe was first detected on a local disk.
The device was on the corporate network using the public address xx.xx.xx.xx.
The file is not signed.
The file was accessed by the application C:\program files\confer\repmgr.exe.
Cause
A process contains a primary application and a target application. During malware scanning, repmgr.exe is the primary application and the malware is the target application.
Resolution
The application detected as malware must be evaluated according to the organization's security standards.