• Carbon Black Cloud Console: July '17 Release (0.30.0) and Higher
  • Endpoint Standard

As the name implies, the policy monitors all application activity on an endpoint and logs these events to the Dashboard, which allows administrators evaluate all application activity prior to any policy rule implementation.

In terms of enforcement, the policy has very limited preventive capability, sensors assigned to this policy will allow most activity, except for malware, Potentially Unwanted Programs (PUPs) and living-off-the-land software used by adversaries to disable the sensor, as part of its tamper protection functionality.

• The Monitored policy is provided to customers that had Carbon Black Cloud deployed after the July '17 backend update
• The Monitored policy can have custom rules added to it in order to block applications but doesn't by default
• The Monitored policy may still encounter internal rules blocks for lsass.exe similar to this
• Local scan is disabled by default within the Monitored policy