App Control: <SHA256> Macro in a Custom Rule Causing Unexpected Blocks
search cancel

App Control: <SHA256> Macro in a Custom Rule Causing Unexpected Blocks

book

Article ID: 288827

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Multiple unexpected blocks triggered by a Custom rule with the <Sha256> macro included
  • System instability due to the blocking of critical Windows files
  • Recent agent upgrade to v.8.7.0 - 8.7.4

Environment

  • App Control Windows Agent: 8.7.0 - 8.7.4

Cause

We have identified an issue with the <Sha256> macro when used in the Process field of a Custom rule that causes it to improperly enforce rules on all running processes

Resolution

The issue EP-15650 is fixed in the 8.7.6 agent, please upgrade to this version

Additional Information

Until an upgrade to 8.7.6 is completed, please avoid the use of the <SHA256> macros in custom rules to avoid potential system instability due to unexpected blocks
Powered by Wolken Software