Environment
- Cb Defense all versions
- Windows endpoints
Question
The app 'System' is being shown with an 'UNKNOWN' reputation but given that System is a basic Windows process it would be expected to be known to Defense, particularly after a background scan.
Event in the Events page may show: Target Name: System Target Process ID: 4 Target Reputation: UNKNOWN
Answer
System is not actually a file, so has no hash and therefore there was never an attempt to establish reputation.
During the construction of the event the default value of the reputation is NOT_SUPPORTED, which maps to UNKNOWN in the console.
This is normal behaviour for the product.