Carbon Black Cloud: In What Order are Policy Rules Processed by the Sensor?
Article ID: 287096
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
In what order are policy rules processed by the Sensor?
Environment
- Carbon Black Cloud Console
- Carbon Black Cloud Sensor: All Supported Versions
Resolution
Policies are processed by the sensor in the following order:
| # | Policy Action |
|---|---|
| 1 | Ignore: Allow (no log) or Bypass |
| 2 | Allow: Allow & Log |
| 3 | Terminate |
| 4 | Deny |
Additional Information
- Sensor bypass disables all policy enforcement so the policy processing information above would not apply
- Since we check first policies with terminate action first, policy action to terminate will trump deny, allow trumps terminate, etc.
Feedback
Yes
No
Powered by
