Carbon Black Cloud: How to Utilize IT Tools Allow list Feature

Carbon Black Cloud: How to Utilize IT Tools Allow list Feature

Environment

  • Carbon Black Cloud Console: All Versions

Objective

How to utilize the IT Tools Allow list feature

Resolution

  1. Navigate to the Reputation page.
  2. Click on the "Add" button.
  3. A modal pop-up window appears.  Select "IT Tools" as the type.
  4. Files created by these processes (or processes in this path), will be given LOCAL_WHITE reputation
  5. Check the "Include all child processes" box if you would like files created by those child processes to also receive the LOCAL_WHITE reputation

Additional Notes

Drive letters and the following wildcards can be used when specifying the IT Tools path:

WildcardDescriptionExample
*Matches 0 or more consecutive characters up to a single sub-directory level.

C:\program files*\custom application\*.exe

Allow lists files created by any executable in

c:\program files\custom application\

c:\program files(x86)\custom application\

**Matches a partial path across all sub-directory levels and is recursive.

C:\Python27\Lib\site-packages\**

Allow lists files created by any executable in that directory and all subdirectories

?Matches 0 or 1 character in that position.

C:\Program Files\Microsoft Visual Studio 1?.0\**

Allow lists files created by any executable in the MS Visual Studio version 1 or versions 10-19 directories


Related Content


Was this article helpful? Yes No
84% helpful (5/6)
Article Information
Author:
Creation Date:
‎12-06-2016
Views:
10987
Contributors