- Mary Jane Foster
- PowerBuilder
- Thursday, 19 December 2024 08:57 PM UTC
Hi:
We have 7 PowerBuilder applications that have been in play for many, many years. For some reason CrowdStrike has started flagging ONE of our apps as malicious and quarantining it when it is under test.
Our QA team can be testing different changes by different developers on that application at any given time, each of these versions has a different folder name. For example we have BranchA & BranchB under test, and they are always uniquely identified.
QA has a c:\Test folder in which they have both BranchA folder and BranchB folder, and CrowdStrike has tried to add it to their Allowlist, but it will work for one folder and not the other. They have basically said they cannot determine why it is generating detection for the file because it is done through machine learning generated detection.
They have asked how often and when does the file hash the executable change. Can you answer that question for me? Is this something we can control, like within the .json file, or a way to certify or 'sign' our applications? I find all kinds of information with PowerServer, but not PowerBuilder.
All insight appreciated.
MJ
Find Questions by Tag
Helpful?
If a reply or comment is helpful for you, please don’t hesitate to click the Helpful button. This action is further confirmation of their invaluable contribution to the Appeon Community.