Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

CB Protection Server: 7.x and Higher
CB Protection Agent: 7.x and Higher
Microsoft WIndows: All Supported Versions

Objective

How can I disable the "File Group Created" events for files?

Resolution

Navigate to https://yourconsole/agent_config.php
Click "Add Agent Config"
Fill out the values as follows:
1. Property Name: Your Discretion
2. Host ID: <Enter a specific host ID or enter 0 for all hosts>
3. Value: no_group=<executable writing the files triggering the event>
4. Status: Enabled
5. Create For: <Select desired policies>
Click Save

Additional Notes

If you wish to enter multiple executables, they must be comma separated.
Here is the default setting of the no_group value:

no_group=explorer.exe,cmd.exe,winlogon.exe,rundll32.exe,spoolsv.exe,mmc.exe,ccapp.exe,inort.exe,isass.exe,regsvr32.exe,java.exe,javaw.exe,msmpeng.exe

Related Content

CB Protection: What are these "File Group Created" Events?

Article Information

Author:

Creation Date:

‎02-06-2019

Views:

374

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.