App Control: How to Track Allowed Executions
search cancel

App Control: How to Track Allowed Executions

book

Article ID: 288540

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Is it possible to track allowed executions when an endpoint is in enforcement?

Environment

  • App Control: All Supported Versions

Resolution

  • In the console, under Reports > Events, use Subtype ==¬†Execution prompt allowed (unapproved file) to filter for instances where an unapproved executable was allowed to run in medium enforcement.
  • To track specific executions when approved an Execution Allow Rule - Report can be used to track executions