Environment
- Carbon Black Cloud Console: All Versions
Objective
How to utilize the IT Tools Allow list feature
Resolution
- Navigate to the Reputation page.
- Click on the "Add" button.
- A modal pop-up window appears. Select "IT Tools" as the type.
- Files created by these processes (or processes in this path), will be given LOCAL_WHITE reputation
- Check the "Include all child processes" box if you would like files created by those child processes to also receive the LOCAL_WHITE reputation
Additional Notes
Drive letters and the following wildcards can be used when specifying the IT Tools path:
| Wildcard | Description | Example |
|---|
| * | Matches 0 or more consecutive characters up to a single sub-directory level. |
C:\program files*\custom application\*.exe
Allow lists files created by any executable in
c:\program files\custom application\
c:\program files(x86)\custom application\
|
| ** | Matches a partial path across all sub-directory levels and is recursive. |
C:\Python27\Lib\site-packages\**
Allow lists files created by any executable in that directory and all subdirectories
|
| ? | Matches 0 or 1 character in that position. |
C:\Program Files\Microsoft Visual Studio 1?.0\**
Allow lists files created by any executable in the MS Visual Studio version 1 or versions 10-19 directories
|
Related Content
