
CB Defense: What Happens When an API Bypass Rule and Additional Operation Attempts Are Added for the Same Process?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Question

When configuring an 'Allow', 'Allow & Log', or 'Performs any API operation' > Bypass rule for a process, will the remaining Operation Attempt logging resume if selected?

Answer

When a 'Performs any API operation' bypass rule is added for a process and other rules are also desired for that process, the API bypass will take precedence.

Additional Notes

'Performs ransomware-like behavior' is one exception, as that is handled by canary file detection.

Article Information
Creation Date: 09-09-2020