Carbon Black Cloud: What is the Difference Between Deny and Terminate for Policy Action?
search cancel

Carbon Black Cloud: What is the Difference Between Deny and Terminate for Policy Action?

book

Article ID: 288678

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What is the difference between Deny and Terminate for Policy Action?

Environment

  • Carbon Black Cloud Console: All Supported Versions
  • Carbon Black Cloud Sensor: All Supported Versions

Resolution

  • Deny will stop the process / application from starting
  • Terminate will end the process and stop the process if already running

Additional Information

If Services or another startup process opens a file with a Reputation that would be Denied before the Sensor is able to enforce Policy it would show as allowing the file to run. As the Sensor did not see it being started the Sensor will not take action on it. In that same situation with the Policy Action set to Terminate though it would end the process and block it from starting again if invoked. 
Powered by Wolken Software