Open EMarcais opened 2 years ago
Carbon Black came back with the only solution they could find and put me in a ByPass policy as of now. It's related to their security policy, but they can't find what exactly triggers the blockage. I will let them research and close this one as a miss.
Glad you got unblocked, but can't say I'm happy they have issues with my project.
If it will help, I'm happy to have a discussion with one of their tech folks.
They can contact me any time via my corporate email address (<givenname>.<surname>@microsoft.com).
I will reach out to them and inform them you are available for research! Many thanks for your response and time maintaining this incredible tool!
I identified I am encountering the same issue with Carbon Black and PSFramework. I likely will open up a case with them as well.
More context from the Carbon Black team. They told me that Carbon Black is leveraging an anti-malware tool that is flagging something in PSFramework. They are trying to implement something to cover this, but maybe you will have better luck.
Carbon Black support told me that it was simply up to each individual environment to determine how they want to respond to their alerts (such as this one, flagged as obfuscated techniques/code), and that the tool doesn't indicate which lines of the PS module are considered malicious or suspicious. I inquired whether there was a feedback component in Carbon Black to submit the file for analysis, have the vendor contact Carbon Black, etc., but support said that this doesn't exist.
Too bad :( I can see why they wouldn't want to expose their detection criteria though (lest they be gamed by bad actors). Oh well, "Obfuscated" is already one more piece of info. Maybe it's something I can try to nail down with the good ol' Revoke-Obfuscation project to help narrow down the file.
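As an added example, not code from PSFramework, Revoke-Obfuscation or this thread: a PowerShell triage script that uses the built-in parser to rank a module's script files by how many constructs "obfuscated code" heuristics typically key on, so the likeliest files get reviewed first. The module path is a placeholder and the heuristic list and weights are assumptions made here, since the vendor's real criteria are not disclosed.

```powershell
# Added triage helper, not part of PSFramework or Revoke-Obfuscation.
# Parses every script file under a module folder with PowerShell's own parser and
# counts constructs that "obfuscated code" heuristics commonly key on.
# ASSUMPTION: the heuristic list and weights are constructed for this example; the
# EDR's real criteria are unknown, so treat the score only as a review order.
param(
    [Parameter(Mandatory)]
    [string]$ModulePath   # placeholder: e.g. the ModuleBase of the installed module
)

$files = Get-ChildItem -Path $ModulePath -Recurse -Include *.ps1, *.psm1 -File
$report = foreach ($file in $files) {
    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile(
        $file.FullName, [ref]$tokens, [ref]$errors)

    # Dynamic evaluation: Invoke-Expression and its alias
    $iex = $ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.CommandAst] -and
        $n.GetCommandName() -in @('Invoke-Expression', 'iex') }, $true).Count

    # Long base64-looking string literals (encoded blob heuristic)
    $b64 = $ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.StringConstantExpressionAst] -and
        $n.Value -match '^[A-Za-z0-9+/]{200,}={0,2}$' }, $true).Count

    # [char] casts used to assemble strings from code points at runtime
    $charCasts = $ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.ConvertExpressionAst] -and
        $n.Type.TypeName.Name -match '^char' }, $true).Count

    # -join / -replace operators, common in string-reassembly chains
    $stringOps = @($tokens | Where-Object { $_.Kind -in 'Join', 'Ireplace', 'Creplace' }).Count

    [pscustomobject]@{
        File        = $file.FullName
        ParseErrors = $errors.Count
        InvokeExpr  = $iex
        Base64Like  = $b64
        CharCasts   = $charCasts
        StringOps   = $stringOps
        Score       = ($iex * 5) + ($b64 * 3) + $charCasts + $stringOps
    }
}

# Highest-scoring files first; these are the ones to read by hand or feed to Revoke-Obfuscation
$report | Sort-Object Score -Descending | Select-Object -First 15 | Format-Table -AutoSize
```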
Issue seems related to dbatools issue https://github.com/dataplat/dbatools/issues/8241. We are currently working with CB support on this issue.
Hi guys,
I have been using your wonderful module for the last two years and basically use it heavily for logging purposes. This started, I think, with the installation of this Windows update on my setup; I pinpoint it to: https://support.microsoft.com/en-us/topic/april-12-2022-kb5012599-os-builds-19042-1645-19043-1645-and-19044-1645-548cc67c-7f12-46fd-878e-589ba81ac2f5
The errors I get are:
I have Symantec Endpoint Protection and Carbon Black Cloud Sensor installed as security tools, with Defender turned off. The facts are:
Here is the detailed information about my setup:
❯ [System.Environment]::OSVersion.Version
Major Minor Build Revision
10 0 19042 0
Windows 10 Enterprise 2009 10.0.19041.1566
❯ systeminfo /fo csv | ConvertFrom-Csv | select OS, System, Hotfix* | Format-List
OS Name : Microsoft Windows 10 Enterprise
OS Version : 10.0.19042 N/A Build 19042
OS Manufacturer : Microsoft Corporation
OS Configuration : Member Workstation
OS Build Type : Multiprocessor Free
System Boot Time : 02/05/2022, 09:12:15
System Manufacturer : Dell Inc.
System Model : Latitude 7420
System Type : x64-based PC
System Directory : C:\windows\system32
Hotfix(s) : 15 Hotfix(s) Installed.,[01]: KB5012117,[02]: KB4562830,[03]: KB4570334,[04]: KB4577586,[05]: KB4580325,[06]: KB4586864,[07]: KB4589212,[08]: KB5003304,[09]: KB5005716,[10]: KB5012599,[11]: KB5006753,[12]: KB5007273,[13]: KB5011352,[14]: KB5011651,[15]: KB5005260
Many thanks for your help