Knowledge Base

Yes

Environment

Carbon Black Protection: All Versions

Question

What are the default policy settings?

Answer

Advanced

Name	Status
Block Unanalyzed scripts and executables	Active
Block Unapproved scripts	Active
Block Unapproved executables	Active
Block banned file names	Active (locked)
Block banned file hashes	Active
Block executables run from network drive	Off
Block files with banned publishers or certificates	Active
Enforce memory rules	Active (locked)
Enforced registry rules	Active (locked)
Enforce custom (file and path) rules	Active (locked)
Enforced tamper protection	Active (locked)
Terminate processes with banned images	Report Only

"Locally approve unapproved files in transition from Visibility or Low Enforcement Level to Medium or High" is enabled by default

Device Control Settings

Name	Status
Block writes to unapproved removable devices	Off
Block writes to banned removable devices	Active
Report reads from unapproved removable devices	Off
Report reads from banned removable devices	Off
Block executions from unapproved removable devices	Off
Block executions from banned removed devices	Active

Additional Notes

In some cases a user may modify the Policy settings and experience unexpected results. This document is a reference to default out of the box install.

Knowledge Base

Cb Protection: Default Policy Settings

Cb Protection: Default Policy Settings

Environment

Question

Answer

Additional Notes

App Control

Knowledge Base

Cb Protection: Default Policy Settings

Cb Protection: Default Policy Settings

Environment

Question

Answer

Additional Notes

App Control

Thank you for your feedback.

Thank you for your feedback.