Endpoint Standard: What Is The Difference Between Allow, Allow & Log and Bypass?

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard (formerly CB Defense)
  • Endpoint Standard Sensor: All Versions

Question

What is the difference between setting a Permissions policy rule to Allow, Allow & Log or Bypass?

Answer

  • Allow - allows the specified behavior in the specified path. None of the specified behavior at the path is logged, and no data is sent to the Endpoint Standard backend.
  • Allow & Log - allows the specified behavior in the specified path. All activity is logged and reported to the Endpoint Standard backend.
  • Bypass - all behavior is allowed in the specified path. Nothing is logged, and no data is sent to the Endpoint Standard backend.

Additional Notes

  • By design, the Bypass action can only be used with "Performs any operation" or "Performs any API operation"
  • Using Bypass with "Performs any operation" removes all visibility into any behavior within the specified path and should be used as a last resort only
  • If you are trying to find a working Permissions rule (for example, to address a suspected interoperability issue with another application), try Bypass with "Performs any API operation" first, which limits the scope of the bypass

Article Information
Creation Date:
‎01-30-2019