Endpoint Standard: What Is The Difference Between Allow, Allow & Log and Bypass?
Article ID: 289977
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What is the difference between setting a Permissions policy rule to Allow, Allow & Log or Bypass?
Environment
Carbon Black Cloud Console: All Versions
Endpoint Standard (formerly Cb Defense)
Endpoint Standard Sensor: All Versions
Resolution
Allow - allows the specified behavior in the specified path. None of the specified behavior at the path is logged, and no data is sent to the Endpoint Standard backend.
Allow & Log - allows the specified behavior in the specified path. All activity is logged and reported to the Endpoint Standard backend.
Bypass - allows all behavior in the specified path. Nothing is logged, and no data is sent to the Endpoint Standard backend.
Additional Information
By design, the Bypass action can only be used with "Performs any operation" or "Performs any API operation".
Using Bypass with "Performs any operation" removes all visibility into any behavior within the specified path and should be used as a last resort only.
If you are trying to find a working Permissions rule, for example to address a suspected interoperability issue with another application, try Bypass with "Performs any API operation" first, which limits the scope of the bypass.