CB Protection: Unable to Block Banned Certificates After Approval Rule is Created
Article ID: 288792
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
After applying an allow execution rule for a specific path, files banned by hash can execute
Environment
- CB Protection Agent: All Supported Versions
- CB Protection Console: All Supported Versions
Cause
This is caused by the allow rule being ranked higher than the block rule.
Resolution
- Create a block rule, for the publisher under Rules > Software Rules > Custom
- Move the new rule to a higher rank than the allow rule
- Test the execution after the device receives its update ruleset
Feedback
Yes
No
Powered by
