This is your guide to day-to-day administration and security monitoring tasks: monitoring executable files on your network using Carbon Black App Control; configuring the Carbon Black App Control Server; managing computers running the Carbon Black App Control Agent; and managing Carbon Black App Control Console users.

This guide covers the following:

Section Description


Describes the Carbon Black App Control architecture, key management concepts, and operation strategies.

Using the Console

Describes how to log in to the system and navigate to features using the Carbon Black App Control Console. It includes descriptions of common menus and buttons.

Managing Console Login Accounts

Describes how to create, manage, and delete login accounts. Also describes the role-based access privileges of different types of user accounts, and how to use Active Directory accounts as Carbon Black App Control Console accounts.

Managing Computers

Describes how to configure, deploy, and install the Carbon Black App Control Agent. Also describes how to get information about managed computers.

Creating and Configuring Policies

Describes policies, which define the protections for groups of computers; includes policy settings, Enforcement Levels, and how to change them.

Managing Virtual Machines

Describes special considerations for managing virtual machines created from template computers.

File, Publisher, and Application Information

Describes where and how you get information about files seen by agents reporting to your Carbon Black App Control Server. Includes descriptions of the detailed global and local file state information provided by the server. Also describes information provided about publishers and applications discovered and inventoried by Carbon Black App Control.

Approving and Banning Software

Describes different methods of approving and banning files, and when to use them.

Deleting Files

Describes how to us the Carbon Black App Control console to delete files from one or more endpoints.

Reputation Approval Rules

Describes how to use Carbon Black File Reputation trust settings to automatically approve files and publishers.

Managing File-Signing Certificates

Describes how approve and ban files by approving or banning specific certificates associated with a publisher.

Managing Devices

Describes how to set up rules to control access to files on devices connected to computers.

Script Rules

Describes how to add files to the list of those controlled by script rules.

Custom Software Rules

Describes how to create “custom rules” that affect what happens when there is an attempt to execute or write files at specified paths. Also describes how to export rules from one server and import them to another.

Registry Rules

Describes how to create rules that affect what happens when there is an attempt to modify the Windows Registry at specified paths.

Memory Rules

Describes how to create rules that affect what happens when there is an attempt by one process to access or alter another process.

Expert Rules

Describes the expert interface to Custom, Registry, and Memory Rules. This interface is for use in consultation with Carbon Black Support or Services only.

Rapid Configs

Describes how to enable and configure sets of rules that can be used to accomplish tasks such as application optimization, operating system and application hardening, and approval of files delivered by software distribution systems.

Event Rules

Describes how to create rules that take an action when specified events are reported to the Carbon Black App Control Server.

Endpoint Notifiers and Approval Requests

Describes how blocked file notifiers work on agent computers and describes how to customize notifiers. Also describes configuration and management of approval requests from users.

Events, Alerts and Meters

Describes how to carry out day-to-day monitoring operations. Instructions include how to use Carbon Black App Control reports and events to identify changes in network file activity and respond appropriately. Also describes how to set up email alerts for Carbon Black App Control-monitored activity, and how to meter execution of specific files.

Monitoring Change: Baseline Drift Reports

Describes how to use the Baseline Drift Report feature to monitor change in file inventory over time.

Advanced Threat Detection

Describes Carbon Black App Control’s advanced threat indicators, which can be used to detect threatening or suspicious activity on systems reporting to your server.

Using and Customizing Dashboards

Describes special graphic display pages, called Dashboards, that summarize key information about managed computers and the files on them.

Locating Files

Describes the Find Files feature, which can locate specific executable files on computers running the agent on your network.

System Configuration

Describes configuration settings, including integration with other servers (including VMWare Carbon Black EDR), backup procedures, product update procedures, optional CB Reputation hash-identification services, agent-server communication security, and other configuration options.

Unified Management of Multiple Servers

Describes the Unified Management features that allow one Carbon Black App Control Server to control many common management functions on multiple servers.

Monitoring System Health

Describes the System Health page, which provides information about factors that affect the health of your Carbon Black App Control environment, including compliance with the hardware and software requirements, SQL Server configuration, and other health and performance data.

Live Inventory SDK: Database Views

Describes the set of available read-only views into the "live inventory" database of files on your managed computers.

App Control API

Describes the Carbon Black App Control API, a RESTful API that may be used to write code to interact with Carbon Black App Control, either using custom scripts or from other applications, including network security platforms.

App Control Connector

Describes the optional, separately licensed connector for integrating third-party network security devices (Palo Alto Networks) with Carbon Black App Control.

Diagnostic Files

Describes how to upload and access agent diagnostic files. Also describes server diagnostic files available through the console.

Uploading Files from Agents

Describes the optional, separately licensed features for uploading files from agents to the server.

Exporting Data for External Analysis

Describes the optional, separately licensed features for sending endpoint data collected by the Carbon Black App Control Server collects to external analysis tools such as Splunk.