How to Add a SHA256 Hash to Approved/Banned List

Article ID: 287101

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Steps to add a SHA256 hash to the Company Approved List or the Company Banned List.

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Linux Sensor: 2.7.0.x and Higher
  • Carbon Black Cloud macOS Sensor: 2.0.x.x and Higher
  • Carbon Black Cloud Windows Sensor: 2.0.x.x and Higher
  • Enterprise EDR Windows Sensor: 3.7.0.1253 and newer
  • Linux: All Supported Versions
  • macOS: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

For a single hash:
  1. Log into Carbon Black Cloud Console
  2. Go to Enforce > Reputation
  3. Click "+Add" button
  4. Select "Hash" option (default)
  5. Click "Approved List" or "Banned List"
  6. Paste the SHA256 value into the "SHA256 hash" field
  7. Enter the application name
  8. Optionally enter a comment

For multiple hashes:
  1. Log into Carbon Black Cloud Console
  2. Go to Enforce > Reputation
  3. Click "Upload" > "File Format" to review the required format for upload
  4. Click "Select" to upload a .csv when ready
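
A pre-flight check for the values that go into the "SHA256 hash" field or the upload file, as an added example that is not part of the original article or Carbon Black's own tooling: it hashes a local file, rejects MD5- or SHA-1-length strings, removes duplicates, and flags any hash that appears in both candidate lists. The function names and sample values are assumptions constructed for illustration, and the script does not generate the upload file itself, whose format the console shows under "File Format".

```python
import hashlib
import re

HEX_LENGTHS = {32: "md5-length", 40: "sha1-length", 64: "sha256"}

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def classify(value):
    """Return (kind, normalized); kind is 'sha256' only for 64 hex characters."""
    v = value.strip().lower()
    if re.fullmatch(r"[0-9a-f]+", v) and len(v) in HEX_LENGTHS:
        return HEX_LENGTHS[len(v)], v
    return "malformed", v

def preflight(approved, banned):
    """Validate and de-duplicate both candidate lists and report conflicts."""
    report = {"approved": [], "banned": [], "rejected": []}
    for name, values in (("approved", approved), ("banned", banned)):
        for raw in values:
            kind, v = classify(raw)
            if kind != "sha256":
                report["rejected"].append((name, raw, kind))
            elif v not in report[name]:
                report[name].append(v)
    # A hash on both lists is an operator error to resolve before submitting.
    report["conflicts"] = sorted(set(report["approved"]) & set(report["banned"]))
    return report

if __name__ == "__main__":
    # Constructed sample values, not real indicators.
    a = hashlib.sha256(b"constructed sample A").hexdigest()
    b = hashlib.sha256(b"constructed sample B").hexdigest()
    md5_like = hashlib.md5(b"constructed sample A").hexdigest()
    report = preflight([a.upper() + "\n", a, md5_like], [b, a, "not-a-hash"])
    for key, value in report.items():
        print(key, value)
```

Anything listed under `rejected` or `conflicts` should be resolved before the values are pasted into the console or placed in the .csv.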

Additional Information

  • Alternatively, a file's hash may be allowed by selecting the application name while reviewing events in the Investigate tab, provided the application is signed:
    1. Select the application name
    2. Click the "Take Action" drop-down menu
    3. Select either "Add to Allow List" or "Add to Banned List"
    4. When the confirmation dialog box appears, click "Allow List" or "Banned List"
  • VMware Carbon Black is working to eliminate offensive terminology
    • Approved List replaces Whitelist
    • Banned List replaces Blacklist
  • There is no limit to the number of hashes that can be added to the lists.
  • An Enterprise EDR-only org cannot add a hash to the Company Approved List. Adding a hash to the Company Banned List is possible in an Enterprise EDR-only org.