Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

CB Defense PSC Sensor: 3.2.x.x-3.3.x.x
CB Defense PSC Console: All supported versions
Microsoft Windows: All supported versions

Symptoms

Policy rules may be found to apply to unexpected paths
For example, **\windows is translated as **\windows*, which would match all filenames starting with "windows"

Cause

There is a known issue where the Sensor applies the asterisk to non-directories

Resolution

Engineering has investigated this issue and a fix is included in the 3.4.0.1016 and higher Sensors

Additional Notes

Previous to 3.4.0.1016, the sensor appended a single asterisk to any path identified as a glob pattern if it did not already end with an asterisk
Starting with 3.4.0.1016, this asterisk is no longer appended
Any policy rules that rely on this translation issue to function as desired will need to be updated

For example

The path **\windows was translated as **\windows*, which would match all filenames starting with windows
Now **\windows will only match an extensionless file named windows

Related Content

3.4 Windows PSC Sensor Release Notes (GA Version)
Carbon Black Cloud: How to Use Wildcards in Policy Rules

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

370

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.