Tamper Protection Settings when both App Control and EDR are Installed


Article ID: 286451



  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black EDR (formerly Cb Response)


How to properly enable Tamper Protection when the Carbon Black EDR sensor and the Carbon Black App Control agent are both installed on the same endpoint.


  • EDR Sensor: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions


  1. Log in to the App Control Console and navigate to Rules > Software Rules > Rapid Configs.
  2. Verify that the Rapid Config "Carbon Black EDR Tamper Protection" has been Disabled.
  3. Configure Tamper Protection for each product separately:
    1. App Control: Disable/Enable Tamper Protection for App Control
    2. EDR: User Guide > Managing Sensors > Tamper Protection of Windows Sensors

Additional Information

  • Enabling the Rapid Config in App Control when Tamper Protection is already enabled in EDR is not recommended, and does not provide extra protection.
  • The App Control Rapid Config is designed to be used only when EDR Tamper Protection cannot be used.
  • Any Windows sensor in a Sensor Group that has Tamper Protection applied but does not meet the minimum OS requirements will default to Tamper Detection.
  • Requirements for EDR Windows Tamper Protection:
    • Minimum OS Versions of Windows 10 v1703 (Desktop) or Windows Server v1709 (Windows build 15163)
    • Minimum Carbon Black EDR versions of v7.2.0 Windows EDR sensor and v7.4.0 Carbon Black EDR Server
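
The following is an added example, not part of the original article or of any Carbon Black tooling: a fleet audit that applies the requirements and guidance above to an endpoint inventory. The CSV column names, hostnames and finding strings are assumptions constructed for illustration; they are not a product export format.

```python
import csv
import io

MIN_OS_BUILD = 15163    # Windows 10 v1703 / Windows Server v1709 (from the article)
MIN_SENSOR = (7, 2, 0)  # minimum Windows EDR sensor version
MIN_SERVER = (7, 4, 0)  # minimum Carbon Black EDR Server version

# Constructed sample inventory; column names are hypothetical.
SAMPLE_INVENTORY = """hostname,os_build,sensor_version,edr_tamper_protection,rapid_config_enabled
ws-001,19045,7.3.1,yes,no
ws-002,19045,7.3.1,yes,yes
srv-legacy,14393,7.3.1,yes,no
ws-003,19045,7.1.1,yes,no
srv-old,14393,7.1.0,no,yes
"""

def parse_version(text):
    """Turn '7.2' or '7.2.0.17354' into a comparable tuple of at least 3 ints."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory_csv, server_version):
    """Return {hostname: finding} for every row in the inventory."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        build = int(row["os_build"])
        edr_tp = row["edr_tamper_protection"] == "yes"   # applied via Sensor Group
        rapid = row["rapid_config_enabled"] == "yes"     # App Control Rapid Config
        eligible = (build >= MIN_OS_BUILD
                    and parse_version(row["sensor_version"]) >= MIN_SENSOR
                    and parse_version(server_version) >= MIN_SERVER)
        if edr_tp and rapid:
            finding = "disable Rapid Config: EDR Tamper Protection already applied"
        elif edr_tp and build < MIN_OS_BUILD:
            finding = "defaults to Tamper Detection: OS build below minimum"
        elif edr_tp and not eligible:
            finding = "EDR version requirements not met"
        elif edr_tp:
            finding = "ok: EDR Tamper Protection"
        elif rapid and eligible:
            finding = "Rapid Config in use although EDR requirements are met"
        elif rapid:
            finding = "ok: Rapid Config used where EDR Tamper Protection cannot be"
        else:
            finding = "no tamper protection configured"
        findings[row["hostname"]] = finding
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_INVENTORY, "7.4.0").items():
        print(f"{host}: {finding}")
```
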