Environment
- Carbon Black Cloud Console: All Supported Versions
- Carbon Black Cloud Sensor: All Supported Versions
Question
What is the difference between Deny and Terminate for Policy Action?
Answer
- Deny will stop the process / application from starting
- Terminate will end the process and stop the process if already running
Additional Notes
If Services or another startup process opens a file with a Reputation that would be Denied before the Sensor is able to enforce Policy it would show as allowing the file to run. As the Sensor did not see it being started the Sensor will not take action on it. In that same situation with the Policy Action set to Terminate though it would end the process and block it from starting again if invoked.
Related Content