Endpoint Standard: Can False Positives be Prevented So Legitimate Applications Do Not Get Blocked?
Article ID: 287639
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What measures can be taken to prevent false positives and subsequent blocks of legitimate applications?
Environment
Endpoint Standard: All Versions
Resolution
It is recommended that all new sensors be assigned to the "Standard" policy (prior to the July 2017 release, this policy was named "Default"). This policy has prevention rules for known malware and company denied-list applications.
Additional Information
A phased rollout approach is recommended when implementing new custom or advanced policy group rules.
The new policy should be assigned to a pilot group of users until it is fully tested.