Carbon Black Cloud: Is it possible to add Certificates to the Banned List?
Article ID: 285471
Products
Carbon Black Cloud Enterprise EDR (formerly CB ThreatHunter)
Issue/Introduction
Is it possible to ban the Signer/Signature and Certificate Authority (CA) to block files based on their Publisher?
Environment
- Carbon Black Cloud Console: All Versions
- Enterprise EDR (formerly CB ThreatHunter)
- Endpoint Standard (formerly CB Defense)
- CBC Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
Resolution
No. The product does not currently support banning by certificate. This KB will be updated as there are changes.
Additional Information
Please vote for the following posts in Idea Central to add support and visibility for getting this feature added to a future version of the product.
- https://community.carbonblack.com/t5/Idea-Central/Add-banning-by-certificate/idi-p/30165
- https://community.carbonblack.com/t5/Idea-Central/Blacklist-All-or-Parts-of-a-Files-Certificate-Chain-of-Trust/idi-p/70060