Carbon Black Cloud: How to Disable Core Prevention Rules

Environment

  • Carbon Black Console: April 2022 Release (0.77.x) and Higher
  • Carbon Black Cloud Windows Sensor: 3.6.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

Provide steps for disabling individual Core Prevention rule sets.

Resolution

  1. Go to Enforce > Policies > Prevention tab
  2. Expand the “Core Prevention” section
  3. Click the desired Core Prevention name:
     • Advanced Scripting Prevention (Windows AMSI)
     • Emerging Threats
     • Credential Theft
     • Privilege Escalation
     • Ransomware
  4. Toggle blocking as desired
     • "Alert only" OR "Block and Alert" Recommended

Additional Notes

The primary recommendation when a Core Prevention rule is causing a block is to create a Core Prevention exclusion, rather than disabling blocking.

Article Information
Creation Date: 10-05-2023