Endpoint Standard: Why was a file drop for Known Malware not blocked?

Environment

  • Endpoint Standard (Formerly CB Defense) Sensor: All Versions

Question

Why was a file classified as Known Malware allowed to be dropped on an endpoint?

Answer

Sensors do not block the act of dropping (writing) a file to disk. If the dropped file is later executed, the sensor handles the malware according to the policy settings of the sensor's group.

Additional Notes

  • To prevent attacks from the file, keep sensors up to date with a recent sensor version and ensure policies are configured to take action on Known Malware applications.
  • Once the file is dropped, it is isolated in place according to the policy actions; it is not moved to a dedicated isolation folder.
  • The Endpoint Standard sensor does not remove files detected as Known Malware. Deleting the malware requires administrative intervention.
  • The file drop alert shows a status of "Ran". This refers to the action of dropping the file, not to the malicious file itself being executed.
  • Company-Banned files are treated the same way as Known Malware in the context of this article.

Creation Date: 03-11-2019