Endpoint Standard: Test Rule for "Injects code or modifies memory of another process" missing TTP

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard

Symptoms

The Test Rule search logic does not include the TTP MODIFY_PROCESS_EXECUTION, but events with that TTP are blocked when the "Injects code or modifies memory of another process" rule is in place.

Cause

Test rule is missing TTP - DSER-27456

Resolution

When using the Test Rule feature, append the following to the query: OR ttp:MODIFY_PROCESS_EXECUTION

Creation Date: 10-15-2020