logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: What Custom Rules Should Be Avoided?

App Control: What Custom Rules Should Be Avoided?

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Question

What are some Custom Rule examples that should be avoided?

Answer

  • Using the Rule Type, Expert and specifying both the Execute and Approve actions will cause poor performance.
  • Using the Execute Action: Allow and Promote could unnecessarily elevate nested processes and cause unintended Local Approvals by the Agent.
  • Using one of the File Properties related macros listed below, on a Custom Rule with a Write action will cause high CPU usage. 
    '<Sha256:', '<CertIssuer:', '<CertSerial:', '<CertSHA1:', '<CertMD5:', '<OnlyIf:BuildAttributes:',
'<OnlyIf:BuildTime:', '<OnlyIf:PrivateBuild:', '<OnlyIf:SpecialBuild:', '<OnlyIf:Comments:', '<OnlyIf:Company:',
'<OnlyIf:Copyright:', '<OnlyIf:Description:', '<OnlyIf:FileType:', '<OnlyIf:FileVersion:', '<OnlyIf:Language:',
'<OnlyIf:Manufacturer:', '<OnlyIf:OriginalName:', '<OnlyIf:PackageCode:', '<OnlyIf:ProductName:', '<OnlyIf:ProductCode:',
'<OnlyIf:ProductVersion:', '<OnlyIf:TargetOS:', '<OnlyIf:UpgradeCode:', '<OnlyIf:AboutURL:', '<OnlyIf:HelpURL:', '<OnlyIf:UpdateURL:'

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎08-31-2022
Views:
391
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.