Carbon Black Cloud: Is it possible to add Certificates to the Banned List?

Article ID: 285471


Products

Carbon Black Cloud Enterprise EDR (formerly CB ThreatHunter)

Issue/Introduction

Is it possible to ban the Signer/Signature and Certificate Authority (CA) to block files based on their Publisher?

Environment

  • Carbon Black Cloud Console: All Versions
    • Enterprise EDR (formerly CB ThreatHunter)
    • Endpoint Standard (formerly CB Defense)
  • CBC Sensor: All Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

No. The product does not currently support banning by certificate. This KB will be updated if that changes.

Additional Information

Please vote for the following posts in Idea Central to add support and visibility for getting this added to a future version of the product.
  • https://community.carbonblack.com/t5/Idea-Central/Add-banning-by-certificate/idi-p/30165
  • https://community.carbonblack.com/t5/Idea-Central/Blacklist-All-or-Parts-of-a-Files-Certificate-Chain-of-Trust/idi-p/70060