Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: Permissions rules don't work if Application Path contains a comma

Cb Defense: Permissions rules don't work if Application Path contains a comma

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: All Versions
  • A path containing a comma is specified in "Applications at path(s)" for Permissions policy rules

Symptoms

  • Rule doesn't apply
  • Application(s) in path aren't excluded from blocking/termination or monitoring by Cb Defense Sensor

Cause

  • A comma will terminate the line and begin a new pattern
  • This is a server-side limitation

Resolution

  • Use the question mark character wildcard in place of the comma in the path

Example

C:\program files 86\acme technologies, inc\folder\application.exe

C:\program files 86\acme technologies? inc\folder\application.exe

Additional Notes

  • Same limitation and workaround apply to Blocking and Isolation policy rules
  • If you'd like to see this limitation eliminated in future versions, please up-vote
  • The limitation described in this article does not affect policy rules not based on specific path

Related Content

Cb Defense: How to Create Policy Blocking & Isolation and Permissions Exclusions

Cb Defense: How to Set up Exclusions for AV Products

Cb Defense: What Is The Difference Between Allow, Allow & Log and Bypass?

Cb Defense: Achieving Good, Better and Best Policies

Policy Rules: Paths with Comma's -- bad juju

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-21-2018
Views:
1312
Contributors