Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Trying to use an application path with a wildcard value in the Host-Based Firewall rule string causes an "INVALID_PARAMETER_VALUE" error and cannot be saved
Environment
Carbon Black Cloud Endpoint Standard: Current Version
Carbon Black Cloud Host-Based Firewall
Cause
According to the console help tip, the following entries are accepted in the "Application Path" field:
Wildcard value as the sole entry, e.g. *
NT device paths, e.g. \\?\globalroot\device\hardiskvolume1\foo.exe
Volume GUID names, e.g. \\?\Volume{34b06610-97bc-4d11-b040-5c8a7bff1f41}\
Paths without pathname separators (backslash) or extensions, e.g. system, registry, etc.
Paths starting with system-wide DOS drive letters, e.g. c:\test.exe, d:\foo.exe
Alternate Data Stream (ADS) names, e.g. c:\foo.exe:bar.txt
UNC device paths, e.g. \\server\share\directory\file.exe
Resolution
The wildcard value (*) is only applicable as the sole entry in the "Application Path" field and cannot be used as part of the path string.