Wildcard usage in Host-Based Firewall rule Application path causes "INVALID_PARAMETER_VALUE" error
search cancel

Wildcard usage in Host-Based Firewall rule Application path causes "INVALID_PARAMETER_VALUE" error

book

Article ID: 367232

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Trying to use an application path with a wildcard value in the Host-Based Firewall rule string causes an "INVALID_PARAMETER_VALUE" error and cannot be saved

Environment

  • Carbon Black Cloud Endpoint Standard: Current Version
  • Carbon Black Cloud Host-Based Firewall

Cause

According to the console help tip, the following entries are accepted in the "Application Path" field:

  • Wildcard value as the sole entry, e.g. *
  • NT device paths, e.g. \\?\globalroot\device\hardiskvolume1\foo.exe
  • Volume GUID names, e.g. \\?\Volume{34b06610-97bc-4d11-b040-5c8a7bff1f41}\
  • Paths without pathname separators (backslash) or extensions, e.g. system, registry, etc.
  • Paths starting with system-wide DOS drive letters, e.g. c:\test.exe, d:\foo.exe
  • Alternate Data Stream (ADS) names, e.g. c:\foo.exe:bar.txt
  • UNC device paths, e.g. \\server\share\directory\file.exe

Resolution

The wildcard value (*) is only applicable as the sole entry in the "Application Path" field and cannot be used as part of the path string.