Permissions define the type of access you want to affect with this rule, such as read, write, or execution. Some options allow you to control multiple types of access.

The following table shows the options available on the permissions menu.

Table 1. Permissions Menu Options

Field

Description
Control Process Access required to control the execution of a process or thread, including the ability to terminate the process.
Read Access Access required to retrieve, copy, or duplicate certain information about a process or thread. If all you are concerned about is data loss or theft, you can use this optio n with the Block action.
Write Access Access required to modify a process or thread and its attributes.
Dynamic Code Execution Affects whether an application can execute code not associated with an executable image. This protection prevents arbitrary or floating code execution of the sort used by many forms of malware. Protects against attempts to disable Dynamic Execution Protection (DEP). Applies only to 32-bit versions of Windows XP, Windows 2003, Windows Vista, and Windows 7.
Important: Do not create a Dynamic Code Execution rule with Prompt as the action choice. This can cause undesirable results on agent computers.
Kernel Memory Access Affects whether a user-mode process can access kernel memory. You can create rules allowing access by a legitimate application while denying access for all other applications. Applies only to Windows XP.
Write + Control Write and control permissions. You can use this Permission choice and select Block as the action to prevent an attack on a process, such as a malicious code injection, termination, or other alterations.
Read + Write + Control

Read, write, and control permissions. This is the option you can use, along with the Block action, to prevent data loss or theft, or attacks. This does not include Dynamic Code Execution or Kernel Memory Access.

Advanced... Allows for very detailed control of memory access. Contact Carbon Black Support before using the Advanced option.