The actions for a memory rule define what you want Carbon Black App Control to do if there is a memory access attempt matching the rule.

The following table shows the options.

Table 1. Action Menu Options

Field

Description

Block

Prevent access to, termination of, or modification of processes matching this rule.

When you select Block, the Use Policy Specific Notifier checkbox and a Custom Write Notifier menu appear. These allow you to specify the notifier, if any, that appears when the rule blocks an action. For more details, see Table: Memory Rule Fields.

Block Silently

Prevent access to, termination of, or modification of processes matching this rule. Do not display a notifier, and do not generate an event.

Prompt

Presents a notifier dialog box to the endpoint user when there is an attempt to access, terminate, or modify processes matching this rule. The dialog box choices are Block or Allow. Once the user responds to the dialog box, the choice applies any time the same process matches the same rule on that computer, and the user is not prompted again.

When Prompt is chosen, the Use Policy Specific Notifier checkbox and a Custom Write Notifier menu appear. These allow you to specify the notifier that appears to prompt the user. For more details, see Table: Memory Rule Fields.

Use of Prompt as the action for Dynamic Code Execution rules is not recommended. This combination can have destabilizing effects on computers running the Carbon Black App Control Agent.

Report

Do not block access, termination, or modification of matching processes but report the actions as events.

Allow

Allow all memory/process operations that match this rule. This is the default behavior if there is no rule for a particular target or source process.

Use of Allow gives you a way to create an exception to a more general rule that blocks at a particular location. For example, if you create a rule that blocks all memory operations at c:\Program Files\InterestingApp\*, you can use Allow to create a higher-ranking rule that allows operations at c:\Program Files\InterestingApp\Subfolder\
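
The ranking behavior described for Allow, as an added illustrative model (it is not Carbon Black App Control code and does not reproduce the product's rule engine). It assumes that rank 1 is evaluated first, that the first matching rule decides, that `*` is a wildcard, and that a path ending in a backslash covers the folder and everything below it; the sample paths are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

DEFAULT_ACTION = "Allow"  # per the table: the behavior when no rule matches

@dataclass(frozen=True)
class MemoryRule:
    rank: int      # assumption: 1 is the highest rank and is evaluated first
    pattern: str   # target process path, '*' as wildcard
    action: str    # Block, Block Silently, Prompt, Report or Allow

def matches(rule, path):
    # Assumptions: paths compare case-insensitively; a trailing backslash
    # means "this folder and everything below it".
    pat, p = rule.pattern.lower(), path.lower()
    return fnmatchcase(p, pat) or (pat.endswith("\\") and p.startswith(pat))

def decide(rules, path):
    """Return (action, rule) for the highest-ranked matching rule, else the default."""
    for rule in sorted(rules, key=lambda r: r.rank):
        if matches(rule, path):
            return rule.action, rule
    return DEFAULT_ACTION, None

def ineffective_rules(rules, sample_paths):
    """Rules that decide none of the sample paths (shadowed, or matching no sample)."""
    deciding = {decide(rules, p)[1] for p in sample_paths}
    return [r for r in rules if r not in deciding]

APP = "c:\\Program Files\\InterestingApp\\"
# Constructed sample paths, not taken from the documentation.
SAMPLES = [APP + "app.exe", APP + "Subfolder\\helper.exe", "c:\\Windows\\notepad.exe"]

# Exception ranked above the general block, as the Allow row describes.
GOOD = [MemoryRule(1, APP + "Subfolder\\", "Allow"), MemoryRule(2, APP + "*", "Block")]
# Same rules with the ranks swapped: the Block rule now matches first.
BAD = [MemoryRule(1, APP + "*", "Block"), MemoryRule(2, APP + "Subfolder\\", "Allow")]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, [decide(rules, p)[0] for p in SAMPLES],
              "ineffective:", [r.pattern for r in ineffective_rules(rules, SAMPLES)])
```

With the ranks swapped, the Allow exception never decides a path, which is the ordering mistake to look for when an exception appears to have no effect.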