App Control Server: How to automatically ban a hash when detected as Malicious by CDC
Article ID: 286525
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Automatically ban a hash when detected as Malicious by CDC
Set up an event rule to automatically ban hashes when the "Malicious file is detected" event is triggered.
Environment
App Control Server: All Supported Versions
Resolution
Log in to the Console and navigate to Rules > Event Rules.
Click View Details (pencil icon) on the Event Rule: [Sample] Report Malicious files
This default rule can be modified from "Ban (Report Only)" to "Ban" if desired.
Additional Information
By default, event rules will change any pre-existing file state (i.e., if the file was approved, it will be changed to banned). If you would like to override this behavior, you can add a filter so the rule only applies to unapproved files (File Properties filter > File State IS: Unapproved).
More information on event rules can be found in Chapter 19 "Event Rules" in the User Guide.