| Name | Brief Description | Platform |
|---|---|---|
| | Reports or prevents potentially malicious behavior related to browsers. | Windows |
| | Provides protection against tampering with the Carbon Black App Control Server. | Windows |
| | Prevents tampering with Carbon Black EDR. | Windows |
| | Reports or prevents potentially malicious behavior related to file-based cryptomining attacks. | Windows |
| | Approve files written by the Delivery Optimization Service (DoSvc). | Windows |
| | Allows and optionally promotes all files under the Sysvol and NetLogon directories of the specified domain controllers if an agent is a member of the specified domain. | Windows |
| | Protect against the exploit known as Doppelganging on Windows systems. | Windows |
| | Improves the security of computers running Linux by reporting or blocking modification of critical Linux system files. | Linux |
| | Improves the performance of computers running Linux by ignoring writes of specified files or by specified processes. | Linux |
| | Approves updates to Microsoft Edge. | Windows |
| | Improves the performance of Microsoft Exchange servers when running alongside Carbon Black App Control. | Windows |
| | Improve security by watching for suspicious behavior by Microsoft Office apps. | Windows |
| | Approves software delivered via Microsoft SCCM. | Windows |
| | Improves the performance of Microsoft SQL servers when running alongside Carbon Black App Control. | Windows |
| | Approve updates to Microsoft Teams. | Windows |
| | Protect against Mimikatz-based attacks on Windows systems. | Windows |
| | Improve security by watching for suspicious executions of Powershell.exe. | Windows |
| | Protect against process hollowing by reporting and preventing the hollowing of processes. | Windows |
| | Protect against ransomware by reporting or blocking modification to files typically targeted by ransomware. | Windows |
| | Protect against reconnaissance and exfiltration of files. | Windows |
| | Improves the security of computers by ensuring that script processors only run from expected locations. | Windows |
| | Provides a folder from which normal end-users can approve the execution of unapproved files even when in high enforcement. | Windows |
| | Prevent exploitation of the SolarWinds breach. You can see details of the Sunburst attack here: https://community.carbonblack.com/t5/Threat-Research-Docs/TAU-TIN-SolarWinds-SUNBURST-Solarigate-Incident/ta-p/98346. In addition to this Rapid Config, the 'Reconnaissance and Exfiltration Protection' Rapid Config can provide protection against the SolarWinds breach. | Windows |
| | Reports or prevents execution of Microsoft applications that are rarely used and can be used maliciously. | Windows |
| | Reports or prevents behavior by common applications that is suspicious based on command line. | Windows |
| | Reports or prevents behavior by common applications that is suspicious based on command line. | Windows |
| | Reports or prevents behavior by common applications that is suspicious based on parent-child relationships. | Windows |
| | Approves Visual Studio builds and ignores intermediate build files. | Windows |
| | Prevents attackers from impersonating or writing to VMware App Volumes AppStacks while still allowing writable areas to be modified. | Windows |
| | Approves software distributed via VMware Workspace ONE. | Windows |
| | Approves Windows app store installs and updates to specified directories. | Windows |
| | Improves the security of computers running Windows by reporting or blocking modification of critical Windows files and registry settings. | Windows |
| | Protect against exploiting Windows installers by embedding malicious content in them. | Windows |
| | Protect against Windows Management Instrumentation (WMI) abuse on Windows systems. | Windows |

Caution: Rapid Configs listed below may not be enabled by default. It is the customer’s responsibility to verify their configuration.