To permit installation of new applications on a selected computer under High Enforcement Level, you can temporarily relax protection and give the computer permission to execute any files that are not banned. The method you use depends on whether the computer is connected to the Carbon Black App Control Server.

  • For an online computer, you can use the console to move the computer into another Enforcement Level for as long as it takes to complete software installation, and then move it back when you are finished. This option is described in Moving Online Computers into Local Approval Mode.
  • For an offline computer, you can use the console to generate a system-specific password for use on the computer to move it into another Enforcement Level for a specified time. This option is described in Using Timed Policy Overrides.

In either case, Local Approval mode is temporary. A Timed Enforcement Level override ends when its specified time limit expires, whereas an online computer must be returned to its original Enforcement Level manually, as described in Restore Online Computers from Local Approval Mode.

After you return the computer to its original Enforcement Level, all files that were in the Unapproved state before the computer was placed in Local Approval mode, and were not executed while in Local Approval mode, remain unapproved. Formerly Unapproved files that were run or installed while the computer was in Local Approval mode are locally approved on the computer but continue to have a global state of Unapproved.

You can move a computer into Local Approval mode from either the High or the Medium Enforcement Level. Although you can execute unapproved files in Medium Enforcement, using Local Approval eliminates the need to respond to notifiers when you attempt to run unapproved files.

Note: You must have full Suite licenses (Visibility and Control) to reassign a computer to Local Approval mode.