When a Carbon Black App Control rule blocks an action, it normally displays a notifier on the computer where the action is blocked. The Approval Request feature allows users to send feedback to administrators when they see a notifier.

  • Approval Requests – When an action is blocked with no option to allow, users might want to request that a file or device is unblocked. Notifiers can be configured to allow users to submit a formal approval request for a blocked file or device.
  • Justifications – When an action triggers a prompt notifier, which provides the user the option to block or allow access, you might want to allow (or require) the user to explain why they allowed the action. The approval request feature also includes an interface for submitting these justifications.

When submitted, both approval requests and justifications appear in the Approval Request table in the console and are recorded in the Carbon Black App Control events database. If you choose, you can enable a built-in alert that is triggered when someone makes an approval request. There also is an alert for justifications.

Throughout this chapter Approval Requests is the generic term used for the feature that includes both approval requests and justifications. A distinction is made where needed.

Note:
  • Pre-7.0 agents cannot submit approval requests or justifications.
  • Approval Requests and justifications can be used for actions blocked by different types of rules. A full set of features is included on the Approval Request and Approval Request Details page for managing rules that are based on file state (file bans and blocks of unapproved files). For Custom, Registry or Memory rules, links are provided to take you to the rule details pages but the request management features are more limited. There is not currently any direct way to manage requests involving Rapid Configs from the Approval Requests pages.
  • If you already have your own request workflow in place, you can use notifier links to manage requests outside of the Carbon Black App Control console. Links can be used to automatically open a blank email directed to the person or group responsible for approving files, or they can direct the user to a web page that you use to handle IT requests. For steps on setting up these links, see Editing Notifier Text.
    Note: Platform Note: Notifier links appear on Windows computers only.