Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Linux Sensor: 2.7.0.x and Higher
- Carbon Black Cloud macOS Sensor: 2.0.x.x and Higher
- Carbon Black Cloud Windows Sensor: 2.0.x.x and Higher
- Enteprise EDR Windows Sensor: 3.7.0.1253 and newer
- Linux: All Supported Versions
- macOS: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
Provide steps to add a Sha256 hash to the Company Approved List or Company Banned List
Resolution
For a single hash:
- Log into Carbon Black Cloud Console
- Go to Enforce > Reputation
- Click "+Add" button
- Select "Hash" option (default)
- Click "Approved List" or "Banned List"
- Paste the SHA256 value into the "SHA256 hash" field
- Enter the application name
- Optionally enter a comment
For multiple hashes:
- Log into Carbon Black Cloud Console
- Go to Enforce > Reputation
- Click "Upload" > "File Format" to review the required format for upload
- Click "Select" to upload a .csv when ready
Additional Notes
- Alternatively, a file's hash may be whitelisted by selecting the application name while reviewing events in the Investigate tab, provided the application is signed:
- Select the application name
- Click the "Take Action" drop-down menu
- Select either "Add to Allow List" or "Add to Banned List"
- Click the "Allow List" or "Banned List" upon the confirmation dialog box appearing
- VMware Carbon Black is working to eliminate offensive terminology
- Approved List replaces Whitelist
- Banned List replaces Blacklist
- There is no limit to the number of hashes that can be added to the lists.
- With Enterprise EDR only org, we do not have the functionality of adding a hash to the COMPANY APPROVED list. Adding a hash to a COMPANY BANNED list is possible with the Enterprise EDR only org.
Related Content