

Handelsblatt
https://www.handelsblatt.com/cmsid/100237152.html?product=hb&utm\_medium=in&utm\_source=app&utm\_campaign=share H+: Run auf Klimageräte: Wer jetzt verdient – und wer nicht liefern kann


https://www.handelsblatt.com/cmsid/100237152.html?product=hb&utm\_medium=in&utm\_source=app&utm\_campaign=share H+: Run auf Klimageräte: Wer jetzt verdient – und wer nicht liefern kann
Hello experts,
I wonder why there is no CLI for CS to query the same status as shown in the Tray Icon. So yes there is a CLI for showing if the Sensor is running, but I miss Connection status?
Do I miss something?
br
Hello experts,
as new CS customers we are very happy with how the general performance of the agent looks like. Really small footprint and most of the users are not complaining. But every now and then a performance discussion arises and tickets got escalated through all teams till they finally got assigned to the EDR team. It’s often very vague and a gut feel that the performance of the client is slow.
Especially “pro” users like developers want, as a solution approach, to exclude basically all directories they are using, for example local repositories and so on.
So I wonder what questions do you ask or what analyses do you require to qualify for a special policy. I am also not sure if a directories exclusion is really better than adjusting the detection policy (but what settings?).
Thank you for your input.
Hello experts,
Today we tested the exploit for CVE-2026-46331 on a SUSE Linux 15 with Falcon installed and online (no RFM). So the exploit worked and we are no wonder why there is no Alert or any other information about this. KB of the CVE shows a coverage indication for Falcon.
What’s also interesting if searching for the CVE in the Vulnerability Dashboard the SUSE host is not showing as vulnerable, only Ubuntu Systems popping up.
So it looks like it is not working right and not preventing or alerting anything.
Where to start and what would be the right place to search for exploit attempts, should they pop up in the detections?
BR
Hello experts,
was reading the documentation but I still don’t understand if a quarantine release also requires a exclusion?
So if a file is quarantined and I release it, is the file OK to execute forever on this host? So it just makes sense to create an additional exclusion if it is needed on additional hosts?
Thank you
Hello experts,
I am wondering why there is no feed for mitigated vulnerabilities by CVE by Vendor.
For example, there is a new Nginx Vulnerability wit a CVE, various vendors like Palo, Imperva or Crowdstrike releasing a detection for this CVE which then could be used to block the attacker on the platform. Which means more time for patching the underlying system.
But to lookup all your stack if they have already released a mitigation is a pain. Would be very helpful for risk assessment CVEs if it’s clear if there’s a mitigation available.
Maybe you have a smart workaround for this, which not means checking the vendor portal.
Thank you
Hey experts,
wondering why nobody discusses the hunting for VS Code extensions?
Quite a few KQL Queries floating around, but mon CQL.
Do I miss a channel for this?
Thank you