Ignore Directory During Initialization
search cancel

Ignore Directory During Initialization

book

Article ID: 286691

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to ignore directories during Initialization and Cache Consistency Checks.

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

IMPORTANT Ignoring files during Initialization will prevent the Agent from knowing about these files.

  • Files that exist on the endpoint at Initialization will receive a Local State of Approved and be allowed to execute.
    • An exception to this, would be files that match the cc_ignore_patterns or if that same file has been Globally Banned on the Server.
    • More details on Initialization can be found in TechDocs > User Guide > App Control Overview > How App Control Works.
  • Ignoring files during Initialization could result in Unexpected Blocks or a potential performance issue.
    • Executing a file from a local volume will be slower if the Agent must discover & analyze it on execution.
  • In some instances ignoring those files during Initialization may be desired
    • For security, ex: prevent Locally Approving files downloaded by the User before the Agent was installed.
    • For performance, ex: skipping analysis of files that are otherwise not expected to execute.
  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php
  2. Click Show Filters > Add Filter > Value > Begins with: cc_ignore_patterns=
    • If an Agent Config exists it can be added to by clicking the Edit (pencil) icon. Example: 
      Value: cc_ignore_patterns=*.vmhd,*.vmhdx,*.bigfile
    • Alternatively a new Agent Config can be created to target a specific endpoint, Policy, Platform, or combination of those options. Example: 
      Name: Initialization Ignore - User Downloads
Host ID: 0
Value: cc_ignore_patterns=C:\Users\*\Downloads\*
Platform: Windows
Status: Enabled
Create For: Selected Policies > Desktops-HE

Additional Information

  • Test on single endpoint first to validate configuration.
  • Paths should be made as specific as possible, and can include wildcards.
Powered by Wolken Software