Cb Protection: Default Policy Settings

Environment

  • Carbon Black Protection: All Versions

Question

What are the default policy settings?

Answer

  • Advanced

| Name | Status |
| --- | --- |
| Block Unanalyzed scripts and executables | Active |
| Block Unapproved scripts | Active |
| Block Unapproved executables | Active |
| Block banned file names | Active (locked) |
| Block banned file hashes | Active |
| Block executables run from network drive | Off |
| Block files with banned publishers or certificates | Active |
| Enforce memory rules | Active (locked) |
| Enforced registry rules | Active (locked) |
| Enforce custom (file and path) rules | Active (locked) |
| Enforced tamper protection | Active (locked) |
| Terminate processes with banned images | Report Only |

"Locally approve unapproved files in transition from Visibility or Low Enforcement Level to Medium or High" is enabled by default

  • Device Control Settings

| Name | Status |
| --- | --- |
| Block writes to unapproved removable devices | Off |
| Block writes to banned removable devices | Active |
| Report reads from unapproved removable devices | Off |
| Report reads from banned removable devices | Off |
| Block executions from unapproved removable devices | Off |
| Block executions from banned removable devices | Active |

Additional Notes

In some cases a user may modify the Policy settings and experience unexpected results. This document is a reference for the default settings of an out-of-the-box install.

Creation Date: 05-16-2018