Environment
- Carbon Black Cloud Console: All Versions
- Enterprise EDR (formerly CB ThreatHunter)
- Endpoint Standard (formerly CB Defense)
- CBC Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
Is it possible to ban the Signer/Signature and Certificate Authority (CA) to block files based on their Publisher?
Answer
No. It is not possible in the product currently to ban using Certs. This KB will be updated as there are changes.
Additional Notes
Please vote for the following posts in
Idea Central to add support and visibility for getting this added to a future version of the product.