Carbon Black Cloud: Events Still Being Sent When Process is in Full Bypass Rule

Environment

  • CB Cloud Sensor: All versions
  • Windows: All versions

Symptoms

After adding a process path to a Full Bypass rule, EEDR events are unexpectedly still being seen in the CB console for the process (and all its child processes, if applicable).

Cause

EEDR events are not managed by the policy rules. The "Full bypass" rule has no effect on the EEDR data; it applies only to the NGAV portion of the product.

Resolution

Currently, this is working as designed.

Article Information

Creation Date: 05-23-2022