Environment
- CB Protection Server: 8.0.0 Patch 3 - 8.0.0 Patch 6
Objective
The Windows Installer Embedded File Protection Rapid Config is available to customers running 8.0.0 patch 7 and higher. For customers unable to upgrade to patch 7 at this time, the solution below can be used to import custom rules for the same functionality.
Resolution
- Download the .rules from this link: https://sflinks.carbonblack.com/CkgUvNrDlmo/
- In the CB Protection Console, navigate to Rules > Software Rules > Custom
- Click on the Import Rules button
- Choose the file downloaded in the first step
- Check the box in front of the rule named "Report execution of jar files identified as Installers"
- Click on Import
- After importing, the rule will appear at the top of the list.
- Make sure to enable the rule here so it will take effect
Additional Notes