Access official resources from Carbon Black experts
Description: Dictates whether or not the agent will temporarily locally approve a file when unable to re-hash at time of execution when the last known hash for the file was approved. The purpose of this is to reduce the number of unanalyzed blocks.
Security Risk: Minimal/moderate (A malicious actor could overwrite an approved file with new content and lock the file, preventing analysis as a means of bypassing enforcement)
Operational Risk: Net plus decrease the number of analyzed blocks
Conflicts or Overlaps: Some overlap with allow_inaccessible_files
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.