App Control: Ransomware rapid config reports malicious behavior, but does not stop it.
book
Article ID: 286223
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- In the console, the Ransomware rapid config is enabled.
- However, a recent ransomware attack was reported, but not stopped.
Environment
- App Control (formerly CB Protection) Console: All Supported Versions
Cause
The rapid config is set to report only, rather than to block.
Resolution
Enable blocking for the Ransomware rapid config:
- Open the App Control Console.
- Navigate to Rules > Software Rules > Rapid Config
- Edit the config titled "Ransomware Protection"
- There are several sections of the rapid config, all defaulting to "report only". You can switch any or all of these to block for active protection.
- Save the configuration changes.
Feedback
thumb_up
Yes
thumb_down
No