CB Protection: How are executions affected when prompt notifiers are idle?
Article ID: 290400
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
When a prompt notifier is displayed (in Medium Enforcement) on an endpoint but not acted upon, how can the agent be expected to act?
Environment
- CB Protection Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Resolution
- While the prompt notifier is up, but not acted upon, the agent will:
- Block banned files
- Discover new unapproved files and report back to the CBP Server
- Prompt for unapproved file executions
- The agent will not:
- Receive and act upon global or local approvals sent from the CBP Server
- Essentially, the prompt notifier must be acted upon (allow or block) in order for the agent to be able to proceed with allowing or blocking the file execution.
Feedback
Yes
No
Powered by
