App Control Server: How to automatically ban a hash when detected as Malicious by CDC

Environment

  • App Control Server: All Supported Versions

Objective

  • Automatically ban a hash when detected as Malicious by CDC
  • Set up an event rule to automatically ban hashes when the "Malicious file is detected" event is triggered

Resolution

  1. Log in to the App Control Console.
  2. Navigate to Rules > Event Rules > [Sample] Report Malicious files.
  3. This out-of-the-box (OOTB) rule can be changed from "Ban (Report Only)" to "Ban" if desired.

Additional Notes

  • By default, event rules will change any pre-existing file state (i.e., if the file was approved, it will be changed to banned). To override this behavior, add a filter so the rule only applies to unapproved files (File Properties filter > File State IS: Unapproved).
  • More information on event rules can be found in Chapter 19 "Event Rules" in the User Guide.

Creation Date: 07-20-2021