Endpoint Standard: Application blocked with policy_deny and no other TTPs
Article ID: 292092
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
An application is blocked due to policy_deny, but no further information is shown.
Environment
- Carbon Black Cloud: All Supported Versions
- Endpoint Standard Sensor: All Supported Versions
Cause
This type of block typically occurs when a "Runs or is running > Deny operation" rule matches the process.
Resolution
If the application is trusted, create a Permissions rule for the blocked process path.
Additional Information
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Configure-Policy-Rules/ta-p/48383