Carbon Black Cloud: How to Auto-delete known malware hashes by default

Environment

  • Carbon Black Cloud Web Console: All Current Versions
  • Carbon Black Cloud Windows Sensor: 3.2.1 and later
  • Carbon Black Cloud Mac Sensor: 3.3 and later
  • Microsoft Windows: All Versions
  • Apple MacOS: All Versions

Objective

How to Auto-delete known malware hashes by default

Resolution

To auto-delete known malware from the Carbon Black Cloud Web Console:
  1. Select Enforce > Policies
  2. Select [Policy Name] > Sensor Tab > then select "Auto-delete known malware hashes after"
  3. Select a time frame: 1 Day, 1 Week, 2 Weeks, 1 Month, 4 Months (default is 2 Weeks)
  4. Select "Save" to save selection
  5. After the policy setting is enabled, all new, executable malware is deleted at the end of the selected time frame

Deletion is permanent: deleted malware files cannot be restored.

Auto-delete does not delete files that are signed by Microsoft, Carbon Black files, or files that have had their hashes changed.


Additional Notes

  • If "Auto-delete known malware hashes after" is not enabled, the sensor performs an in-place quarantine, which prevents the known malware from running, or other files from accessing it, if the applicable policies are enabled
  • Use the audit log to see deleted malware, malware scheduled for deletion, and admin actions. Search the Audit Log for the hash whose deletion you requested to see other events associated with that hash.
  • After malware is deleted, it is removed from the Detected tab and moved to the Deleted tab of the "Malware Removal" Page

Article Information
Creation Date: 09-09-2020