Where is the documentation on when to use Policy permissions vs Core Preventions vs the new Event Reporting / Process exclusions?
search cancel

Where is the documentation on when to use Policy permissions vs Core Preventions vs the new Event Reporting / Process exclusions?

book

Article ID: 285025

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Where does one find documentation on when and how to use Policy permissions, Core Preventions and the new Event Reporting / Process Exclusions features?

Environment

  • Carbon Black Cloud Console: All versions as of February, 2024
  • Carbon Black Cloud Standard Endpoint (ES): All versions
  • Carbon Black Cloud Enterprise EDR (EEDR): All versions
  • Carbon Black Cloud Windows Sensor: Varies by feature. Use the 4.0.x or greater Windows Sensor for all features to be available.
  • Microsoft Windows: All supported versions.

Resolution

Additional Information

Carbon Black Cloud has continued to create methods to exclude items for different reasons. We have a number of options depending on the product you own and the goal for the exclusion. Below is a list of some of the common items we see.

Policy permissions:

Core Preventions

Event Reporting / Process Exclusions

Other