Access official resources from Carbon Black experts
What are the default policy settings?
"Locally approve unapproved files in transition from Visibility or Low Enforcement Level to Medium or High" is enabled by default
In some cases a user may modify the Policy settings and experience unexpected results. This document is a reference to default out of the box install.