Access official resources from Carbon Black experts
What are the default policy settings?
Name | Status |
---|---|
Block Unanalyzed scripts and executables | Active |
Block Unapproved scripts | Active |
Block Unapproved executables | Active |
Block banned file names | Active (locked) |
Block banned file hashes | Active |
Block executables run from network drive | Off |
Block files with banned publishers or certificates | Active |
Enforce memory rules | Active (locked) |
Enforced registry rules | Active (locked) |
Enforce custom (file and path) rules | Active (locked) |
Enforced tamper protection | Active (locked) |
Terminate processes with banned images | Report Only |
"Locally approve unapproved files in transition from Visibility or Low Enforcement Level to Medium or High" is enabled by default
Name | Status |
---|---|
Block writes to unapproved removable devices | Off |
Block writes to banned removable devices | Active |
Report reads from unapproved removable devices | Off |
Report reads from banned removable devices | Off |
Block executions from unapproved removable devices | Off |
Block executions from banned removed devices | Active |
In some cases a user may modify the Policy settings and experience unexpected results. This document is a reference to default out of the box install.
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.