Environment
- CB Cloud Sensor: All versions
- Windows: All versions
Symptoms
After adding a process path to a Full Bypass rule, EEDR events are unexpectedly still being seen in the CB console for the process (and all its child process, if applicable)
Cause
EEDR events are not managed by the policy rules. The "Full bypass" rule has no effect on the EEDR data, it is only applicable to the NGAV portion the product.
Resolution
Currently, this is working as designed.