logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: Rule Processing - Order of Precedence

App Control: Rule Processing - Order of Precedence

Environment

  • App Control Console : All Supported Versions
  • App Control Agent: All Supported Versions

Question

What is the order of precedence for rule processing in App Control?

Answer

The ranking is:
  1. Tamper Protection
  2. Updaters and Rapid Configs
  3. User Created Custom Rules*
  4. Out of the box Internal Rules for blocking & reporting*

Additional Notes

  • Within Rules > Software Rules > Custom Rules there are out of the box rules that cannot be deleted. User Created rules can either be set above or below the built in rules. One scenario may call for a Custom Rule to be above the default "Block banned files" or "Block unapproved files" and another scenario may call for it to be below. This is so that user rules can override the built in behavior, if desired.
  • If a file is Locally or Globally Approved, and an Execution Control Rule is written by the user block the execution of the same file (via path/process) - the file would be blocked.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-28-2018
Views:
2673
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.