Carbon Black Cloud: What are the Carbon Black recommended best practices for various Microsoft applications?
Article ID: 291691
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What are the Carbon Black recommended best practices for various Microsoft applications?
Environment
- Carbon Black Cloud Sensor: All Versions
- Microsoft Windows: All Supported Versions
Resolution
Carbon Black recommends reviewing the available guidelines from Microsoft and implementing exclusions based on your security posture and performance requirements in a stair-step approach:
- Approve Certificate: Ensure properly signed and trusted applications have been whitelisted
- Approve Hash: For unsigned files that are trusted within the environment
- IT_Tool: Helpful for SCCM deployments
- Allow and Log: Helpful for GPO or login scripts applications where extra visibility is required
- Allow: Helpful for noisy applications that change hash frequently
- API Bypass: Helpful for applications performing multiple operations
- Full Bypass: Helpful for backup or performance monitoring applications that touch large amounts of files or generate higher-than-average resource consumption
Additional Information
Here are some resources from Microsoft / Technet:
- Microsoft Anti-Virus Exclusion List
- Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
- Recommended antivirus exclusions for Configuration Manager 2012 and current branch site servers, site systems, and clients
- How to choose antivirus software to run on computers that are running SQL Server
- Running Windows antivirus software on Exchange servers
Feedback
Yes
No
Powered by
