App Control: Rule Processing - Order of Precedence
Article ID: 286498
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What is the order of precedence for rule processing in App Control?
Environment
- App Control Console : All Supported Versions
- App Control Agent: All Supported Versions
Resolution
The ranking is:
- Tamper Protection
- Updaters and Rapid Configs
- User Created Custom Rules*
- Out of the box Internal Rules for blocking & reporting*
Additional Information
- Within Rules > Software Rules > Custom Rules there are out of the box rules that cannot be deleted. User Created rules can either be set above or below the built in rules. One scenario may call for a Custom Rule to be above the default "Block banned files" or "Block unapproved files" and another scenario may call for it to be below. This is so that user rules can override the built in behavior, if desired.
- If a file is Locally or Globally Approved, and an Execution Control Rule is written by the user block the execution of the same file (via path/process) - the file would be blocked.
Feedback
Yes
No
Powered by
