CB Protection: How to block files without a Notifier
Article ID: 290292
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
This article explains how to modify a custom rule to block files and send the events to the CBP console, but not have the block Notifier appear on the agent's endpoint.
Environment
CB Protection Console: All Supported Versions
Resolution
1. Navigate in the console to Rules > Software Rules > Custom tab.
2. Edit an existing rule or Add Custom Rule.
3. If the execute action is Block or Prompt, you should see a checkbox for 'Use Policy Specific Notifier'. Uncheck this box.
4. In the 'Custom Execute Notifier' field, select <none> from the drop-down.
5. Click Save and Exit.
2. Edit an existing rule or Add Custom Rule.
3. If the execute action is Block or Prompt, you should see a checkbox for 'Use Policy Specific Notifier'. Uncheck this box.
4. In the 'Custom Execute Notifier' field, select <none> from the drop-down.
5. Click Save and Exit.
Feedback
Yes
No
Powered by
