Carbon Black Cloud: How does CBC warn you when you try and block Processes on Trusted White List?
Carbon Black Cloud Console: All Versions
How does CBC warn you when you try and block Processes on Trusted White List?
While investigating an alert please also review the Binary Details of a file. This will allow you to understand more about the file and see how CBC has the file listed.
If you choose to ban a known good and trusted white list item you will be prompted with a page that will tell you how many times the Hash has been seen in your organization over the last six months along with the current Cloud Reputation and Singed by.
If you continue to add the file you will be required to select a check a box beside a note stating
"I agree to add this hash to the company Banned list"
with a warning above stating
"This hash is commonly trusted and widely used. Ban Anyway?"
in Red. Example: The hash for svchost.exe is an example of a file that will prompt you in this method.