Utilize IT Tools Allow list Feature
search cancel

Utilize IT Tools Allow list Feature

book

Article ID: 285318

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to utilize the IT Tools Allow list feature

Environment

  • Carbon Black Cloud Console: All Versions

Resolution

  1. Navigate to the Reputation page.
  2. Click on the "Add" button.
  3. A modal pop-up window appears.  Select "IT Tools" as the type.
  4. Files created by these processes (or processes in this path), will be given LOCAL_WHITE reputation
  5. Check the "Include all child processes" box if you would like files created by those child processes to also receive the LOCAL_WHITE reputation

Additional Information

Drive letters and the following wildcards can be used when specifying the IT Tools path:

WildcardDescriptionExample
*Matches 0 or more consecutive characters up to a single sub-directory level.

C:\program files*\custom application\*.exe

Allow lists files created by any executable in

c:\program files\custom application\

c:\program files(x86)\custom application\

**Matches a partial path across all sub-directory levels and is recursive.

C:\Python27\Lib\site-packages\**

Allow lists files created by any executable in that directory and all subdirectories

?Matches 0 or 1 character in that position.

C:\Program Files\Microsoft Visual Studio 1?.0\**

Allow lists files created by any executable in the MS Visual Studio version 1 or versions 10-19 directories