Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Cb Defense Web Console: All Versions
Cb Defense Sensor: All Versions
A path containing a comma is specified in "Applications at path(s)" for Permissions policy rules

Symptoms

Rule doesn't apply
Application(s) in path aren't excluded from blocking/termination or monitoring by Cb Defense Sensor

Cause

A comma will terminate the line and begin a new pattern
This is a server-side limitation

Resolution

Use the question mark character wildcard in place of the comma in the path

Example

C:\program files 86\acme technologies, inc\folder\application.exe

C:\program files 86\acme technologies? inc\folder\application.exe

Additional Notes

Same limitation and workaround apply to Blocking and Isolation policy rules
If you'd like to see this limitation eliminated in future versions, please up-vote
The limitation described in this article does not affect policy rules not based on specific path

Related Content

Cb Defense: How to Create Policy Blocking & Isolation and Permissions Exclusions

Cb Defense: How to Set up Exclusions for AV Products

Cb Defense: What Is The Difference Between Allow, Allow & Log and Bypass?

Cb Defense: Achieving Good, Better and Best Policies

Policy Rules: Paths with Comma's -- bad juju

Article Information

Author:

Creation Date:

‎08-21-2018

Views:

1517

Contributors

sdurney

esullivan

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.