Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Is banning available on individual sensor basis?

Carbon Black Cloud: Is banning available on individual sensor basis?

Environment

  • Carbon Black Cloud Sensor: All supported Versions
  • Carbon Black Cloud Console: All versions
  • Microsoft Windows: All Supported Versions
  • Apple MacOS: All Supported Versions

Question

Can you ban applications on a per sensor basis?

Answer

You can add the application or path to an existing policy by creating a blocking rule for Runs or is running to Terminate Process. See the example below:
 
Application(s) at path: 
powershell.exe 

Operation attempt: 
Runs or is running 

Action: 
Terminate process

Additional Notes

There is an open feature request to have this added into the product here: CB Defense: Ability to blacklist applications per sensor

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎04-09-2019
Views:
462
Contributors