Carbon Black Cloud: Is banning available on an individual sensor basis?
Article ID: 285431
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Can you ban applications on a per-sensor basis?
Environment
Carbon Black Cloud Sensor: All supported Versions
Carbon Black Cloud Console: All versions
Microsoft Windows: All Supported Versions
Apple macOS: All Supported Versions
Resolution
You can add the application or path to an existing policy by creating a blocking rule with the operation attempt "Runs or is running" and the action "Terminate process". See the example below:
Application(s) at path: powershell.exe
Operation attempt: Runs or is running
Action: Terminate process
Additional Information
There is an open feature request to have this added into the product here: https://community.carbonblack.com/t5/Idea-Central/CB-Defense-Ability-to-blacklist-applications-per-sensor/idi-p/70616#M7861