Carbon Black Cloud: How To Limit a Policy Change to a Subset of Endpoints
Article ID: 291907
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Step-by-step guidance on making a Policy change to a small group of Sensors without applying the changes to all endpoints under a Policy.
Environment
- Carbon Black Cloud Console: All Versions
Resolution
To make a Policy change for a limited set of Sensors under a Policy, take the following steps:
- From the Console, navigate to Enforce > Policies > [Policy name].
- At the top-right of the page, click Duplicate Policy and complete the form.
- Under the new, duplicated Policy, make and save the desired Policy changes. Examples:
- Add/remove Endpoint Standard rules under Prevention tab.
- Adjust firewall rules under Host-Based Firewall tab.
- Edit local scanner settings under Local Scan tab.
- Modify Sensor operational behavior under Sensor tab.
- Navigate to Inventory > Endpoints/Workloads, search/filter for relevant Sensors, then check the box next to the desired entries slated to receive changes.
- Select Take Action > Assign Policy, and assign the impacted Sensors to the duplicated Policy.
Tip: Alternatively, create a new Asset Group to assign desired endpoints to the new effective Policy.
Additional Information
- Active Sensors will be assigned to the new Policy at their next check-in, reflected by the Last Check-In Time.
- Any Sensors yet to receive the changes will display the Policy name in italics on the Inventory page.
Feedback
Yes
No
Powered by
