App Control: Agents Going Into Default Policy
search cancel

App Control: Agents Going Into Default Policy

book

Article ID: 288372

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Agents are being found in the "Default" policy, as opposed to their intended policy

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Cause

  • AD Mapping enabled
  • Original policy has been deleted or renamed
  • Event Rule enabled
     

Resolution

AD Mappings:
  1. Login to the App Control Console
  2. Navigate to Rules > Policies > Mappings tab
  3. Confirm if proper mapping exist for device in question

Policy Deleted or Renamed:
  1. Obtain the agent installation logs
  2. In the logs search for "Host Group"
  3. "Host Group obtained from branding" indicates the name of the policy the agent is looking for
  4. Login to the App Control console
  5. Navigate to Rules > Polices
  6. Confirm policy exists/has not been renamed
Event Rule:
  1. Login to the App Control Console
  2. Navigate to Rules > Event Rules
  3. Determine if any rules with Action "Move Computer" are in use/at play

Additional Information

  • Agent installation logs can generally be found in c:ProgramData\Bit9\Parity Agent\Logs\
  • The URL https://<EnterServerNameHere/testrules.php may be useful in testing AD Mappings
Powered by Wolken Software