Environment
- Carbon Black Protection: All Versions
Question
What are the default policy settings?
Answer
Name | Status |
---|---|
Block Unanalyzed scripts and executables | Active |
Block Unapproved scripts | Active |
Block Unapproved executables | Active |
Block banned file names | Active (locked) |
Block banned file hashes | Active |
Block executables run from network drive | Off |
Block files with banned publishers or certificates | Active |
Enforce memory rules | Active (locked) |
Enforced registry rules | Active (locked) |
Enforce custom (file and path) rules | Active (locked) |
Enforced tamper protection | Active (locked) |
Terminate processes with banned images | Report Only |
"Locally approve unapproved files in transition from Visibility or Low Enforcement Level to Medium or High" is enabled by default
Name | Status |
---|---|
Block writes to unapproved removable devices | Off |
Block writes to banned removable devices | Active |
Report reads from unapproved removable devices | Off |
Report reads from banned removable devices | Off |
Block executions from unapproved removable devices | Off |
Block executions from banned removable devices | Active |
Additional Notes
In some cases a user may modify the Policy settings and experience unexpected results. This document is a reference for the default settings of an out-of-the-box install.