Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

PSC: Does the sensor disable device services?

PSC: Does the sensor disable device services?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense PSC Sensor: 3.5 and above
  • Microsoft Windows: All Supported Versions

Question

Does the sensor disable device services?

Answer

Yes. Starting in Sensor version 3.5, a new feature has been added which will find all malicious services associated with Known Malware hashes and puts them in a disabled state.

Additional Notes

  • Malicious services that run at start-up have the potential to execute and impact the endpoint before the sensor starts up.
  • If the sensor disables the malware service, the service(s) remain in disabled state across reboots, and therefore cannot execute at startup.
  • If a service binary in question was not malicious or if some other tool is used to clean the malware, then the sensor will not automatically enable the service again.
  • This feature only applies to files with a Known Malware reputation, so it is possible that files with Company Blacklist, Suspect/Heuristic Malware, Adware/PUP Malware reputation may execute on device boot-up if they are started before the sensor service
  • This feature will not take effect if prevention rule "Known malware Runs or is running" Deny\Terminate is not enabled on the device policy

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
529
Contributors