No Threats Detected Despite Web Console Reporting Events
Symptoms
- You see no threats detected for several days, but the web console continues to report events.
- The backlog section of the Netwrix Threat Manager console is not populated, so the status of the database maintenance job and of other console components cannot be determined.
Cause
An Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), or antivirus solution in your Netwrix Threat Manager environment conflicts with the PostgreSQL application.
Resolution
In the EDR, XDR, or antivirus solution, create exclusions for the following PostgreSQL file paths:
\Program Files\Stealthbits\PostgreSQL14
\ProgramData\Stealthbits\PostgreSQL14
\Program Files\Stealthbits\StealthDEFEND
\Program Files\STEALTHbits\PostgreSQL14\bin\postgres.exe
\Program Files\STEALTHbits\PostgreSQL14\bin\psql.exe
\Program Files\STEALTHbits\PostgreSQL14\bin\pg_ctl.exe
Tip: See "How to Create Custom Rules" on the CrowdStrike blog for additional information about custom IOA rules.
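The following PowerShell script is an added example, not part of the original article or of Netwrix tooling. It audits the exclusions listed above and optionally creates them, assuming the antivirus in question is Microsoft Defender Antivirus. Further assumptions: the default install locations under %ProgramFiles% and %ProgramData%, the mapping of the three .exe entries to process exclusions, and the `-Apply` switch name, which is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally create) Microsoft Defender Antivirus
# exclusions for the paths listed in this article. Report-only unless -Apply is given.
param([switch]$Apply)   # hypothetical switch name

# Assumption: default install locations; the article lists paths without a drive letter.
$folders = @(
    (Join-Path $env:ProgramFiles 'Stealthbits\PostgreSQL14'),
    (Join-Path $env:ProgramData  'Stealthbits\PostgreSQL14'),
    (Join-Path $env:ProgramFiles 'Stealthbits\StealthDEFEND')
)
$bin       = Join-Path $env:ProgramFiles 'STEALTHbits\PostgreSQL14\bin'
$processes = 'postgres.exe', 'psql.exe', 'pg_ctl.exe' |
    ForEach-Object { Join-Path $bin $_ }

# Current Defender configuration (values are only readable when elevated).
$pref      = Get-MpPreference
$havePaths = @($pref.ExclusionPath)
$haveProcs = @($pref.ExclusionProcess)

# One row per listed path: is it on disk, and is it already excluded?
$report = foreach ($item in ($folders + $processes)) {
    # Assumption: .exe entries are treated as process exclusions, the rest as folders.
    $isProc  = $item -like '*.exe'
    $current = if ($isProc) { $haveProcs } else { $havePaths }
    [pscustomobject]@{
        Path         = $item
        Kind         = if ($isProc) { 'Process' } else { 'Folder' }
        ExistsOnDisk = Test-Path -LiteralPath $item
        Excluded     = $current -contains $item   # -contains is case-insensitive
    }
}
$report | Format-Table -AutoSize

if ($Apply) {
    # Only add exclusions for paths that exist, so no unused exclusion is left behind.
    $missing = $report | Where-Object { $_.ExistsOnDisk -and -not $_.Excluded }
    foreach ($row in $missing) {
        if ($row.Kind -eq 'Process') {
            Add-MpPreference -ExclusionProcess $row.Path
        } else {
            Add-MpPreference -ExclusionPath $row.Path
        }
        Write-Host "Added $($row.Kind) exclusion: $($row.Path)"
    }
}
```

Run it once without `-Apply` on the Netwrix Threat Manager server to see which of the listed paths exist and which are already excluded.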