CB Protection: How to track script files
search cancel

CB Protection: How to track script files

book

Article ID: 288759

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to track script files normally considered "uninteresting". 

Environment

  • CB Protection Console: All Supported Versions

Resolution

  1. Within the console navigate to Rules > Software Rules and select the Scripts tab
  2. Create a new rule
  3. The path or file should be the extension of the file. For example 
    *.ps1
  4. The process should be the process which will be executing the script. For example:  
    *\powershell.exe

Additional Information

Additional information regarding custom rules can be found in https://community.carbonblack.com/t5/Knowledge-Base/CB-Protection-Custom-Rules-Best-Practices/ta-p/67622 or in the CB Protection User Guide located here
Powered by Wolken Software