What is the impact of disabling "Scan execute on network drives"?

Article ID: 291758

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Will there be any security impact to devices if "Scan execute on network drives" is disabled by policy?

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Resolution

  • The sensor will not stall file execution while waiting for the Carbon Black Cloud to return a reputation, so the sensor may allow the file to execute based on the reputation obtained by the Local Scanner (if enabled)
  • Once a reputation is obtained from the Carbon Black Cloud, file reputation will be updated and policy rules will apply accordingly

Additional Information

  • If "Scan execute on network drives" is disabled in the policy, the sensor will not check the cloud reputation for a file on a network drive until it attempts to execute
  • The sensor will calculate the SHA256 hash for all files on network drives upon execute so that the file can be tracked and recorded
  • The sensor queues a reputation request, but the request will not be sent until the next send window (every five minutes)
  • The sensor will not stall file execution while waiting for the Carbon Black Cloud to return a reputation, so the sensor may allow the file to execute based on the reputation obtained by the Local Scanner if enabled
  • Background Scan checks only apply to pre-existing files, so it would not apply in this case
  • LOCAL_WHITE reputation is not assigned to network files by default. This behavior only applies to pre-existing files
  • Local Scanner is not supported on macOS
  • If another file attempts to access the file, the sensor does not generate another reputation request
  • The sensor will apply an Unknown reputation until it receives a reputation from the Carbon Black Cloud
  • Once a reputation is returned, policy rules can apply to the network file
  • Unknown reputation typically means the sensor cannot reach the Carbon Black Cloud Backend
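
The behavior above leaves a window in which a network-drive file runs under Unknown reputation before the cloud answer arrives. The following is an added example, not Carbon Black code: it measures that window per SHA256 and flags files that ran before a bad verdict came back or that stayed Unknown past one send window. The record format, field names, hashes, paths and reputation strings are constructed sample values, not a Carbon Black export schema.

```python
from datetime import datetime, timedelta

SEND_WINDOW = timedelta(minutes=5)  # send-window interval stated in the article

# Constructed sample records in a hypothetical format (not a Carbon Black schema).
# "exec" = file on a network drive executed; "reputation" = cloud answer received.
EVENTS = [
    {"time": "2024-05-01T09:00:40", "type": "exec", "sha256": "aa11", "path": r"\\fs01\tools\setup.exe"},
    {"time": "2024-05-01T09:02:10", "type": "exec", "sha256": "aa11", "path": r"\\fs01\tools\setup.exe"},
    {"time": "2024-05-01T09:05:30", "type": "reputation", "sha256": "aa11", "value": "KNOWN_MALWARE"},
    {"time": "2024-05-01T10:12:00", "type": "exec", "sha256": "bb22", "path": r"\\fs01\apps\report.exe"},
    {"time": "2024-05-01T10:15:05", "type": "reputation", "sha256": "bb22", "value": "TRUSTED_WHITE_LIST"},
    {"time": "2024-05-01T11:00:00", "type": "exec", "sha256": "cc33", "path": r"\\fs01\apps\agent.exe"},
]

def exposure_report(events, log_end, bad=("KNOWN_MALWARE",)):
    """Per hash: executions that ran as Unknown, for how long, and the outcome."""
    end = datetime.fromisoformat(log_end)
    seen = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        r = seen.setdefault(ev["sha256"], {"first_exec": None, "unknown_execs": 0,
                                           "reputation": None, "resolved_at": None})
        if ev["type"] == "exec":
            r["first_exec"] = r["first_exec"] or t
            if r["reputation"] is None:      # no cloud reputation yet: ran as Unknown
                r["unknown_execs"] += 1
        elif ev["type"] == "reputation" and r["reputation"] is None:
            r["reputation"], r["resolved_at"] = ev["value"], t
    report = {}
    for sha, r in seen.items():
        if r["first_exec"] is None:
            continue                         # reputation without an execution: nothing ran
        gap = (r["resolved_at"] or end) - r["first_exec"]
        r["exposure_s"] = max(0, int(gap.total_seconds()))
        if r["reputation"] in bad and r["unknown_execs"]:
            r["status"] = "ran_before_bad_verdict"
        elif r["reputation"] is None:
            # Still Unknown after more than one send window: check sensor-to-cloud connectivity
            r["status"] = "still_unknown" if end - r["first_exec"] > SEND_WINDOW else "pending"
        else:
            r["status"] = "resolved"
        report[sha] = r
    return report

if __name__ == "__main__":
    for sha, r in exposure_report(EVENTS, "2024-05-01T12:00:00").items():
        print(sha, r["status"], r["unknown_execs"], f'{r["exposure_s"]}s')
```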