logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How to Setup a Performance Optimization Rule to Ignore Directory Writes

App Control: How to Setup a Performance Optimization Rule to Ignore Directory Writes

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Objective

Create a Custom Rule for Performance Optimization to ignore all Read, Rename, Write, Write Delayed, and Delete operations.


Resolution

  1. Log in to the Console and navigate to Rules > Software Rules > Custom > Add Custom Rule.
  2. In the Rule Name field, enter the name with which you want to identify this Custom Rule
  3. Choose the Platform you want this rule applied to (Windows, Mac, or Linux) 
  4. Choose the Rule Type Performance Optimization.
  5. Specify the Process(s) and File Path(s) relevant to this Performance Optimization Rule.
  6. By default, all new Custom Rules are created with the Status set to Disabled. To have this take affect immediately set this to Enabled.
  7. Save the new Custom Rule.

Additional Notes

  • Executions will still be monitored but Performance Optimization Rules will specify folders or files to avoid tracking writes.
  • For Windows endpoints a Procmon capture may be beneficial in determining specific combinations for Performance Optimization.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎02-05-2019
Views:
3279
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.