- Carbon Black Cloud Console: All Versions
Can an administator utilize policy rules to block network based activity?
Yes, you can create a policy rule with the "Communicates over the network" Operation Attempt, using either "Deny operation" or "Terminate process" to block the behavior for specific applications, filenames or paths.
- Network rules cannot be made more granular, meaning that specific IP ranges, URLS, etc. cannot be leveraged in policy rules.
- The "Communicates over the network" Operation Attempt involves any attempted network access, so applications that have been blocked via policy rules will not be able to connect at all.