Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard (formerly CB Defense)
- Enterprise EDR (formerly CB ThreatHunter)
- PSC Sensor: 3.3.x.x and Higher
- Microsoft Windows: All Supported Versions
- Apple macOS:: All Supported Versions
Symptoms
Within ThreatHunter orgs that have Endpoint Standard Rules enabled or have both Endpoint Standard and Enterprise EDR, bypass rules do not appear to be honored as the console still shows Enterprise EDR data.
Cause
Bypass rules created under the standard Policy pages do not apply to the Enterprise EDR portion of the sensor. This means that the sensor will still record events locally and upload these to the console despite a bypass rule in place.
Resolution
Additional Notes
Related Content