Carbon Black Cloud: Events Still Being Sent When Process is in Full Bypass Rule

Article ID: 292237

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

After adding a process path to a Full Bypass rule, EEDR events are unexpectedly still being seen in the CB console for the process (and all its child processes, if applicable).

Environment

  • CB Cloud Sensor:  All versions
  • Windows:  All versions

Cause

EEDR events are not managed by the policy rules. The "Full bypass" rule has no effect on the EEDR data; it is only applicable to the NGAV portion of the product.

Resolution

Currently, this is working as designed.