What are the known limitations of adding hashes to the Banned List?
Article ID: 285336
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What are the known limitations of adding hashes to the Banned List?
Environment
- Carbon Black Cloud Console: All Versions
- Windows Sensor: All Supported Versions
- Linux Sensor: All Supported Versions
- MacOS Sensor: Sensor Version To Be Determined
Resolution
- CBC only supports SHA-256 for enforcing banned files by hash - there is no support for MD5 hashes on the Banned List
- No support for Approved applications
- No support for banning by certificate or IT Tool
- No support for viewing or disabling the Watchlist that generates the Alerts for banned processes
- No support for disabling Alerts for banned processes
- No support for sensor group-based banning - Banned List applies to all endpoints in the Organization
- No central reporting of how many times a particular hash has been denied or terminated, how many devices or when last banned
Feedback
Yes
No
Powered by
