CB Protection: Script Files Not Approved in Console
Article ID: 290717
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Script Files are not listed as 'Approved' in the console.
Environment
CB Protection Console: All Supported Versions
Cause
Script files are not normally tracked in CB Protection without a rule in place for each script file type.
Resolution
Within the console, navigate to Rules > Software Rules and select the Scripts tab.
Create a new rule.
The path or file should be the extension of the file. For example:
*.ps1
The process should be the process which will be executing the script. For example:
*\powershell.exe
Additional Information
Without a rule in place, script files are considered 'uninteresting' to the CB Protection agent and do not get scanned or have an approval assigned.
Additional information regarding custom rules can be found in https://community.carbonblack.com/t5/Knowledge-Base/CB-Protection-Custom-Rules-Best-Practices/ta-p/67622 or in the CB Protection User Guide located here