Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Version

7.2.x.

Issue

Approved USB device is triggering a block after entering the Bitlocker password, but the device is accessible for write after acknowledging the Bit9 notifier.

Symptoms

Removable device setting on the policy has Active to block Write action on Unapproved Removable Devices. Ntoskrnl.exe gets a block when using Bitlocker on an approved USB device.

Solution

Create a custom rule

Rule type: Advanced

Operation: Write

Write Action: Allow

Path: \device\harddiskvolume*

Process ntoskrnl.exe

Article Information

Author:

Creation Date:

‎01-16-2015

Views:

1233

Contributors

anadrowski

esullivan

Knowledge Base

Approved USB device is triggering a block after entering the Bitlocker password

Approved USB device is triggering a block after entering the Bitlocker password

App Control

Thank you for your feedback.

Thank you for your feedback.