Carbon Black Cloud: Policy Deny for process which does not appear to meet policy rules
book
Article ID: 289930
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Process blocked with Policy Deny TTP
Process blocked does not appear to match any of the policy blocking rules
Environment
Carbon Black Cloud Sensor
Cause
The process command line shows execution of a process with a policy block rule
Resolution
This is behaving as expected based on policy rules. If a block is not desired, policy actions will need to be modified to either allow the process initiating the command to be ignored or remove the blocking rule.