
Cb Defense: Permissions rules don't work if Application Path contains a comma

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: All Versions
  • A path containing a comma is specified in "Applications at path(s)" for Permissions policy rules

Symptoms

  • Rule doesn't apply
  • Application(s) in path aren't excluded from blocking/termination or monitoring by Cb Defense Sensor

Cause

  • A comma in the path terminates the line and begins a new pattern, so the path is not evaluated as a single pattern
  • This is a server-side limitation

Resolution

  • Use the question mark character wildcard in place of the comma in the path

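Example

Path containing a comma (rule does not apply):

C:\program files 86\acme technologies, inc\folder\application.exe

Same path with the comma replaced by the question mark wildcard (workaround):

C:\program files 86\acme technologies? inc\folder\application.exe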

Additional Notes

  • Same limitation and workaround apply to Blocking and Isolation policy rules
  • If you'd like to see this limitation eliminated in future versions, please up-vote
  • The limitation described in this article does not affect policy rules not based on specific path
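
A way to audit a list of rule paths for this limitation before entering them in the console, as an added example that is not part of the original article or any Carbon Black tooling. The helper names, the comma-splitting model and the matcher (`?` matches exactly one character, case-insensitive, no other wildcards handled) are assumptions made for illustration; the sample paths are constructed from the article's example.

```python
import re

def split_as_server(field):
    """Assumed model of the Cause section: each comma ends one pattern and starts the next."""
    return [part.strip() for part in field.split(",") if part.strip()]

def apply_workaround(path):
    """Resolution from the article: put the '?' wildcard where the comma was."""
    return path.replace(",", "?")

def pattern_matches(pattern, path):
    """Assumed semantics: '?' is any single character, everything else is literal."""
    regex = "".join("." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, path, flags=re.IGNORECASE) is not None

def audit(paths):
    """Return one report row per path that contains a comma."""
    report = []
    for path in paths:
        if "," not in path:
            continue  # unaffected by the limitation
        fragments = split_as_server(path)
        fixed = apply_workaround(path)
        report.append({
            "path": path,
            "fragments": fragments,
            # True when none of the split fragments still matches the real path
            "broken": not any(pattern_matches(f, path) for f in fragments),
            "workaround": fixed,
            "workaround_matches": pattern_matches(fixed, path),
        })
    return report

# Constructed sample input: the article's example path plus one unaffected path.
SAMPLE_PATHS = [
    r"C:\program files 86\acme technologies, inc\folder\application.exe",
    r"C:\tools\scanner\scan.exe",
]

if __name__ == "__main__":
    for row in audit(SAMPLE_PATHS):
        print("affected  :", row["path"])
        print("split into:", row["fragments"], "-> rule broken:", row["broken"])
        print("enter as  :", row["workaround"], "-> matches:", row["workaround_matches"])
```

Under the single-character assumption, the workaround pattern is slightly broader than the literal path, since any character in the comma's position will match; account for that when reviewing exclusions.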

Related Content

Cb Defense: How to Create Policy Blocking & Isolation and Permissions Exclusions

Cb Defense: How to Set up Exclusions for AV Products

Cb Defense: What Is The Difference Between Allow, Allow & Log and Bypass?

Cb Defense: Achieving Good, Better and Best Policies

Policy Rules: Paths with Comma's -- bad juju

Creation Date: 08-21-2018