App Control: Trusted Directory Stops Crawling After Allow Write Rule is Added
book
Article ID: 288798
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- After an Allow Write type rule is added, files are no longer approved by the trusted directory crawler.
- Disabling and enabling trusted directory approves the file.
Environment
- App Control Agent: 8.x
- App Control Server: 8.x
- Trusted Directory Enabled
Cause
The Allow Action exits all rule groups, including the rule in which the crawler is sent the metadata.
Resolution
- Edit the Allow Write rule
- Change the type to Expert
- Uncheck the Allow operation leaving the Finish Rule Group
- Save the rule
- Wait till the device becomes up to date on its ConfigList
- Test copying a file to the trusted directory
Feedback
thumb_up
Yes
thumb_down
No