CB Protection: How To Block Known Malicious Files
search cancel

CB Protection: How To Block Known Malicious Files

book

Article ID: 290466

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This article details two ways to block or ban files deemed malicious by reputation.

Environment

CB Protection Server: All Supported Versions

Resolution

1. In the CB Protection Console, navigate to Rules > Event Rules
Using the 'Malicious file detected' subtype will allow files known to be malicious to trigger the rule, which can be set to ban immediately, or report.

2. In Rules > Software Rules > Reputation tab, set thresholds to block files based on their CDC score.

Additional Information

Clicking the black and white question mark in the upper right hand of the console will show a help menu contextual to the page currently loaded in the CB Protection console.