Carbon Black App Control Agent software runs on client computers. It monitors file and process activity and communicates with the Carbon Black App Control Server when necessary.

On Windows and Mac computers, it also monitors connected storage devices and registry activity. Even when disconnected from the server, the agent continues to enforce the last specified bans and security policies it received. When a disconnected computer running the Carbon Black App Control Agent reconnects, the agent receives policy and rule updates from the server and communicates relevant file activity that occurred during the time it was off the network.

The Carbon Black App Control Agent runs silently in the background until it blocks a file, at which point it can display a message to the computer user, explaining why the file was not permitted to execute. Depending on the file state, the agent’s security level, and other configuration choices, Carbon Black App Control may also let the user on the client computer choose to run a blocked file. You also can enable mechanisms for users to request approval of blocked files, either informally via email or using a formal request process built into and tracked by Carbon Black App Control.