logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: What Syntax to Use to Specify Approving Files With OnlyIF Macro and COMPANY Attribute.

App Control: What Syntax to Use to Specify Approving Files With OnlyIF Macro and COMPANY Attribute.

Environment

  • App Control Server: 8.0.x and Higher
  • App Control Agent: 8.0.x and Higher

Objective

  • This article contains the syntax for specifying the OnlyIF macro for COMPANY in a custom rule

Resolution

  • The three first fields need to be separated with colons
  • The section in the first <> is the OnlyIf which doesn't support wildcards in the file path
  • If the OnlyIf matches on the file then the PATHTO will be evaluated and this field does support wildcards
  • <OnlyIf:Company:*Carbon Black*:<ProgramFilesx86>\bit9\parity agent\parity.exe>PATHTO\*.EXE

     

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎12-03-2023
Views:
185
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.