CB Protection: How to disable "File Group Created" events

Article ID: 290994

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How can I disable the "File Group Created" events for files?

Environment

  • CB Protection Server: 7.x and Higher
  • CB Protection Agent: 7.x and Higher
  • Microsoft Windows: All Supported Versions

Resolution

  1. Navigate to https://yourconsole/agent_config.php
  2. Click "Add Agent Config"
  3. Fill out the values as follows:
    1. Property Name: Your Discretion
    2. Host ID: <Enter a specific host ID or enter 0 for all hosts>
    3. Value: no_group=<executable writing the files triggering the event>
    4. Status: Enabled
    5. Create For: <Select desired policies>
  4. Click Save

Additional Information

  • To enter multiple executables, separate them with commas.
  • Here is the default setting of the no_group value:
no_group=explorer.exe,cmd.exe,winlogon.exe,rundll32.exe,spoolsv.exe,mmc.exe,ccapp.exe,inort.exe,isass.exe,regsvr32.exe,java.exe,javaw.exe,msmpeng.exe