CB Protection: Script Files Not Approved in Console

Article ID: 290717

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Script files are not listed as 'Approved' in the console.

Environment

  • CB Protection Console: All Supported Versions

Cause

Script files are not normally tracked in CB Protection without a rule in place for each script file type.

Resolution

  1. Within the console, navigate to Rules > Software Rules and select the Scripts tab.
  2. Create a new rule.
  3. The path or file should be the extension of the file. For example:
    *.ps1
  4. The process should be the process that will execute the script. For example:
    *\powershell.exe

Additional Information

  • Without a rule in place, script files are considered 'uninteresting' to the CB Protection agent: they are not scanned and no approval is assigned to them.
  • Additional information regarding custom rules can be found in https://community.carbonblack.com/t5/Knowledge-Base/CB-Protection-Custom-Rules-Best-Practices/ta-p/67622 or in the CB Protection User Guide located here