Endpoint Standard: What Is The Difference Between Allow, Allow & Log and Bypass?

Article ID: 289977

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What is the difference between setting a Permissions policy rule to Allow, Allow & Log or Bypass?

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard (formerly CB Defense)
  • Endpoint Standard Sensor: All Versions

Resolution

  • Allow - allows the specified behavior in the specified path. The specified behavior at that path is not logged, and no data is sent to the Endpoint Standard backend.
  • Allow & Log - allows the specified behavior in the specified path. All activity is logged and reported to the Endpoint Standard backend.
  • Bypass - allows all behavior in the specified path. Nothing is logged, and no data is sent to the Endpoint Standard backend.

Additional Information

  • By design, the Bypass action can only be used with "Performs any operation" or "Performs any API operation"
  • Using Bypass with "Performs any operation" removes all visibility into any behavior within the specified path and should be used as a last resort only
  • If you are trying to find a working Permissions rule (for example, to address a suspected interoperability issue with another application), try Bypass with "Performs any API operation" first, because it limits the scope of the bypass
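
The following is an added example, not code from Carbon Black or from this article: a small audit that ranks Permissions rules by how much visibility they remove, using the rules stated above. The record layout (path, operation, action), the sample paths and the "Invokes a command interpreter" entries are constructed assumptions and do not reflect the console's export or API schema.

```python
# Added example: audit Permissions rules for loss of visibility.
# The rule layout (path / operation / action) is an assumption for this
# sketch; it is not the Carbon Black Cloud export or API schema.
BYPASS_OPERATIONS = {"Performs any operation", "Performs any API operation"}
ACTIONS = {"Allow", "Allow & Log", "Bypass"}
SEVERITY_ORDER = ["error", "high", "medium", "low", "ok"]

def audit_rule(rule):
    """Return (severity, finding) for one Permissions rule."""
    action, op = rule["action"], rule["operation"]
    if action not in ACTIONS:
        return ("error", f"unknown action {action!r}")
    if action == "Bypass":
        if op not in BYPASS_OPERATIONS:
            return ("error", "Bypass can only be used with 'Performs any "
                             "operation' or 'Performs any API operation'")
        if op == "Performs any operation":
            return ("high", "no visibility into any behavior in this path; "
                            "last resort, try 'Performs any API operation' first")
        return ("medium", "bypass scope limited to API operations; "
                          "nothing in that scope is logged")
    if action == "Allow":
        return ("low", "specified behavior is allowed and not logged")
    return ("ok", "specified behavior is allowed, logged and reported")

def audit_policy(rules):
    """Audit every rule and return findings sorted worst-first."""
    findings = []
    for r in rules:
        severity, message = audit_rule(r)
        findings.append((severity, r["path"], r["operation"], r["action"], message))
    findings.sort(key=lambda f: SEVERITY_ORDER.index(f[0]))
    return findings

# Constructed sample rules (paths and the non-bypass operation are made up).
SAMPLE_RULES = [
    {"path": "**/vendor-agent/**", "operation": "Performs any operation", "action": "Bypass"},
    {"path": "**/db-tool/**", "operation": "Performs any API operation", "action": "Bypass"},
    {"path": "**/build/**", "operation": "Invokes a command interpreter", "action": "Allow & Log"},
    {"path": "**/legacy/**", "operation": "Invokes a command interpreter", "action": "Bypass"},
    {"path": "**/backup/**", "operation": "Invokes a command interpreter", "action": "Allow"},
]

if __name__ == "__main__":
    for severity, path, operation, action, message in audit_policy(SAMPLE_RULES):
        print(f"[{severity:6}] {path}  {action} / {operation}: {message}")
```

Rules reported as "high" or "medium" are the ones where the sensor sends nothing to the backend, so they are the first candidates to narrow or to replace with Allow & Log.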