Carbon Black Cloud: How to Set up Exclusions in the Carbon Black Cloud Console for AV Products
Carbon Black Cloud Console: All Versions
Endpoint Standard (Formerly CB Defense)
Set up exclusions for an AV product in the Carbon Black Cloud Console
Log in to the Carbon Black Cloud Console
Go to Enforce > Policies
Select the desired Policy and click on the Prevention tab (See NOTE, in additional Notes Section)
Click plus sign (+) next to "Permissions" section (If this section has already been expanded you will not see the + sign, until the - sign has been clicked and the section collapses)
Click "Add application path" in "Permissions" section
Enter the recommended file/folder exclusions from the appropriate security vendor
Check "Bypass" option box for "Performs Any Operation"
Always carefully consider risks and benefits of setting up a permission rule for any application.
Search online for the recommendations from the vendor of the 3rd party software in relation to scanning AV (the closest thing to NGAV currently being called out)
Endpoint Standard sensor may interfere with an AV product installed on the same system. According to different policy rules, the Endpoint Standard sensor may prevent AV from taking actions to files or system.
For example, if a "known malware" blocking policy rule exists in device group, the Endpoint Standard sensor may block an AV product from accessing malicious files per that policy rule. This may prevent AV from being able to scan or quarantine malicious files.
This kind of interference is not an interoperability issue with an AV product, but a normal policy action with Endpoint Standard working as designed. In order to prevent this kind of interference, permissions need to be set up for respective AV folders/executables following the steps above