Memory rules have a Rank number and are evaluated from lowest number to highest number, beginning with the rule ranked 1. By default, rules appear on the Memory Rules page in their rank order, but you can sort the table by other columns.
If a memory-related action matches a rule’s definition, that rule is evaluated. Rule processing continues down the rank order to see whether any other rules match the current memory-related action. If there is another match, what happens next depends on the Permissions setting for the rules:
- If the action matches two rules, but these rules have different permissions settings – for example, one is applied to Read Access and the other is applied to Write Access – both rules are evaluated. In this case, if there is a third matching rule that is applied to Control Process, that rule is also evaluated.
- If the action matches two (or more) rules and all have the same permissions settings – for example, both are applied to Write Access – only the first rule is evaluated. There is one exception to this behavior – a rule whose action is Report does not stop processing of lower ranked rules with the same permissions setting.
You can change the ranking of rules if you decide that you want one of your rules to be considered before its current rank position.
Important: There are two built-in rules named
Tamper Protection, ranked 1 and 2 by default,that help protect the server. Do not rank other rules higher than these unless instructed to do so by Carbon Black Support.