Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Is it possible to add Certificates to the Banned List?

Carbon Black Cloud: Is it possible to add Certificates to the Banned List?

Environment

  • Carbon Black Cloud Console: All Versions
    • Enterprise EDR (formerly CB ThreatHunter)
    • Endpoint Standard (formerly CB Defense)
  • CBC Sensor: All Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

Is it possible to ban the Signer/Signature and Certificate Authority (CA) to block files based on their Publisher?

Answer

No. It is not possible in the product currently to ban using Certs. This KB will be updated as there are changes. 

Additional Notes

Please vote for the following posts in Idea Central to add support and visibility for getting this added to a future version of the product.

Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
754
Contributors