
Carbon Black Cloud: Events Still Being Sent When Process is in Full Bypass Rule

Environment

  • CB Cloud Sensor:  All versions
  • Windows:  All versions

Symptoms

After adding a process path to a Full Bypass rule, EEDR events are unexpectedly still seen in the CB console for the process (and all of its child processes, if applicable).

Cause

EEDR events are not managed by the policy rules. The "Full Bypass" rule has no effect on the EEDR data; it applies only to the NGAV portion of the product.

Resolution

Currently, this is working as designed.

Article Information
Creation Date: 05-23-2022