
Endpoint Standard: Why was a file drop for Known Malware not blocked?

Environment

  • Endpoint Standard (Formerly CB Defense) Sensor: All Versions

Question

Why was a file classified as Known Malware allowed to be dropped on an endpoint?

Answer

Sensors will not block the action of dropping a file. If the file were to execute, the sensor would handle the malware based on the sensor's group policy settings.

Additional Notes

  • To prevent attacks from the file, keep sensors up-to-date with a recent sensor version and ensure policies take action for Known Malware applications.
  • Once the file is dropped, the file will be isolated in place based on policy actions rather than being moved to a specific isolation folder.
  • The Endpoint Standard sensor will not remove files detected as Known Malware. Deletion of malware requires administrative intervention.
  • The file drop alert will show a status of Ran. This applies to the action of dropping the file, not to the malicious file being run.
  • Company-Banned files are treated the same way as Known Malware in this article's context.

Article Information
Creation Date: 03-11-2019