App Control: Why Files Are Being Approved By Approve Writes By Trusted Processes Rule
Article ID: 288830
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Why are files being approved by the "approve writes from trusted processes" rule?
Environment
- App Control: All Supported Versions
Resolution
This rule is triggered if the process or its parent process is promoted.
Additional Information
There are a few reasons a process may be promoted; the most common are:
- The file has been marked as an installer, either manually or through a trusted directory
- A custom rule has the Promote action selected
- Updater rules can sometimes promote specific processes