App Control Server: How to automatically ban a hash when detected as Malicious by CDC

Article ID: 286525


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Automatically ban a hash when detected as Malicious by CDC
  • Set up an event rule to automatically ban hashes when the "Malicious file is detected" event is triggered

Environment

  • App Control Server: All Supported Versions

Resolution

  1. Log in to the Console and navigate to Rules > Event Rules.
  2. Click View Details (pencil icon) on the Event Rule: [Sample] Report Malicious files.
  3. Modify this default rule from "Ban (Report Only)" to "Ban" if desired.

Additional Information

  • By default, event rules will change any pre-existing file state (i.e., if the file was approved, it will be changed to banned). If you would like to override this behavior, you can add a filter so the rule only applies to unapproved files (File Properties filter > File State IS: Unapproved).
  • More information on event rules can be found in Chapter 19 "Event Rules" in the User Guide.