Carbon Black Cloud: Policy Deny for process which does not appear to meet policy rules

Article ID: 289930

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Process blocked with Policy Deny TTP
  • Process blocked does not appear to match any of the policy blocking rules

Environment

  • Carbon Black Cloud Sensor

Cause

The command line of the blocked process shows execution of a process that is covered by a policy block rule.

Resolution

This is expected behavior based on the policy rules. If the block is not desired, modify the policy actions either to allow the process initiating the command to be ignored or to remove the blocking rule.