CB Defense: Policy Rules Apply to Unexpected Paths
book
Article ID: 287036
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Policy rules may be found to apply to unexpected paths
- For example, **\windows is translated as **\windows*, which would match all filenames starting with "windows"
Environment
- CB Defense PSC Sensor: 3.2.x.x-3.3.x.x
- CB Defense PSC Console: All supported versions
- Microsoft Windows: All supported versions
Cause
There is a known issue where the Sensor applies the asterisk to non-directories
Resolution
Engineering has investigated this issue and a fix is included in the 3.4.0.1016 and higher Sensors
Additional Information
- Previous to 3.4.0.1016, the sensor appended a single asterisk to any path identified as a glob pattern if it did not already end with an asterisk
- Starting with 3.4.0.1016, this asterisk is no longer appended
- Any policy rules that rely on this translation issue to function as desired will need to be updated
For example
- The path **\windows was translated as **\windows*, which would match all filenames starting with windows
- Now **\windows will only match an extensionless file named windows
Feedback
thumb_up
Yes
thumb_down
No