Security Connect 2021 is coming Jun 3. Register for free today!

Endpoint Standard: How to add a SHA256 hash to Approved/Banned List

Endpoint Standard: How to add a SHA256 hash to Approved/Banned List

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard (was CB Defense)
  • Carbon Black Cloud Linux Sensor: 2.7.0.x and Higher
  • Carbon Black Cloud macOS Sensor: 2.0.x.x and Higher
  • Carbon Black Cloud Windows Sensor: 2.0.x.x and Higher
  • Linux: All Supported Versions
  • macOS: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

Provide steps to add a Sha256 hash to the Company Approved List or Company Banned List

Resolution

  1. Log into CBC Console
  2. Go to Enforce > Reputation
  3. Click "+Add" button
  4. Select "Hash" option (default)
  5. Click "Approved List" or "Banned List"
  6. Paste the SHA256 value into the "SHA256 hash" field
  7. Enter the application name
  8. Optionally enter a comment
Alternatively, a file's hash may be whitelisted by selecting the application name while reviewing events in the Investigate tab, provided the application is signed:
  1. Select the application name
  2. Click the "Take Action" drop-down menu
  3. Select either "Add to Allow List" or "Add to Banned List"
  4. Click the "Allow List" or "Banned List" upon the confirmation dialog box appearing
Or the Signature and Certificate Authority (CA) can be added to the Approved List

Additional Notes


Related Content


Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎02-06-2019
Views:
5525
Contributors