EDR: Users Without Global Admin Permission Can Access Live Response Functionality

Article ID: 287241

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Users who are not assigned the role of Global Administrator in the CB Response UI are able to use Live Response.

Environment

  • EDR Server: 6.2.4 and Higher

Cause

The user has the new Analyst role in the CB Response UI.

Resolution

This is by design; if the user should not have access to use Live Response, the user's role needs to be modified to either Viewer or No Access.

Additional Information

The Analyst role gives the user access to functions, including Live Response, for using CB Response to monitor and respond to suspicious or malicious activity on endpoints.