App Control: <SHA256> Macro in a Custom Rule Causing Unexpected Blocks
book
Article ID: 288827
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Multiple unexpected blocks triggered by a Custom rule with the <Sha256> macro included
System instability due to the blocking of critical Windows files
Recent agent upgrade to v.8.7.0 - 8.7.4
Environment
App Control Windows Agent: 8.7.0 - 8.7.4
Cause
We have identified an issue with the <Sha256> macro when used in the Process field of a Custom rule that causes it to improperly enforce rules on all running processes
Resolution
The issue EP-15650 is fixed in the 8.7.6 agent, please upgrade to this version
Additional Information
Until an upgrade to 8.7.6 is completed, please avoid the use of the <SHA256> macros in custom rules to avoid potential system instability due to unexpected blocks