Endpoint Standard: How to Automatically Ban a Hash
search cancel

Endpoint Standard: How to Automatically Ban a Hash

book

Article ID: 289299

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

WARNING: By configuring Auto ban, critical applications could be impacted based on Policy Rules. 
For example, if Notepad.exe was a participant in an attack that reached the threat level set in auto black list, it could be disabled company wide based on Policy settings.

Provide information on how to automatically ban a hash.

Environment

  • Carbon Black Cloud Console: All Versions

Resolution

  1. Go to Enforce - Reputation 
  2. Click on Auto Ban 
  3. Set the threshold for threat level. Anything equal or greater than the defined threat level will be added to the ban list
  4. Click Save
Powered by Wolken Software