App Control Server: How to automatically ban a hash when detected as Malicious by CDC
search cancel

App Control Server: How to automatically ban a hash when detected as Malicious by CDC

book

Article ID: 286525

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Automatically ban a hash when detected as Malicious by CDC
  • Setup an event rule to automatically ban hashes when "Malicious file is detected" event is triggered

Environment

  • App Control Server: All Supported Versions

Resolution

  1. Log in to the Console and navigate to Rules > Event Rules.
  2. Click View Details (pencil icon) on the Event Rule: [Sample] Report Malicious files
  3. This default rule can be modified from "Ban (Report Only)" to "Ban" if desired.

Additional Information

  • By default, event rules will change any pre-existing file state (IE if the file was approved, it will be changed to banned). If you would like to override this behavior you can add a filter so the rule only applies to¬†unapproved files (File Properties filter > File State IS: Unapproved).
  • More information on event rules can be found in Chapter 19 "Event Rules" in the User Guide.