Cb Protection: Windows files discovered with Write Ignore rules in place

Article ID: 286917

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • System files that should have been ignored by rules are being discovered.

Environment

  • Cb Protection Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

The files are discovered because another operation, such as an execute or a read, accesses them. Because of the way Windows handles files, and because all operations are tracked, a file covered by a write ignore rule may still be discovered.

Resolution

Adding execute allow rules may be required.

Ignoring all operations on a file will reduce visibility, so it is not recommended unless expressly required.