App Control: Ransomware rapid config reports malicious behavior, but does not stop it.
search cancel

App Control: Ransomware rapid config reports malicious behavior, but does not stop it.

book

Article ID: 286223

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • In the console, the Ransomware rapid config is enabled.  
  • However, a recent ransomware attack was reported, but not stopped.

Environment

  • App Control (formerly CB Protection) Console: All Supported Versions

Cause

The rapid config is set to report only, rather than to block.

Resolution

Enable blocking for the Ransomware rapid config:
  1. Open the App Control Console.
  2. Navigate to Rules > Software Rules > Rapid Config
  3. Edit the config titled "Ransomware Protection"
  4. There are several sections of the rapid config, all defaulting to "report only".  You can switch any or all of these to block for active protection.
  5. Save the configuration changes.