Environment
- CB Defense PSC Console: All Versions
- CB Defense Sensor: All Versions
- Microsoft Windows: All Supported Versions
- Apple macOS: All Supported Versions
Question
When configuring an 'Allow', 'Allow & Log', or 'Performs any API operation' > Bypass rule for a process, will the remaining Operation Attempt logging resume if selected?
Answer
When adding a 'Performs any API operation' bypass rule for a process and other rules are desired, the API bypass will take precedence.
Additional Notes
'Performs ransomware-like behavior' is one exception as that is handled by canary file detection.
Related Content