CB Protection: How are executions affected when prompt notifiers are idle?
book
Article ID: 290400
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
When a prompt notifier is displayed (in Medium Enforcement) on an endpoint but not acted upon, how can the agent be expected to act?
Environment
CB Protection Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Resolution
While the prompt notifier is up, but not acted upon, the agent will:
Block banned files
Discover new unapproved files and report back to the CBP Server
Prompt for unapproved file executions
The agent will not:
Receive and act upon global or local approvals sent from the CBP Server
Essentially, the prompt notifier must be acted upon (allow or block) in order for the agent to be able to proceed with allowing or blocking the file execution.