Memory rules have a Rank number and are evaluated from lowest number to highest number, beginning with the rule ranked 1. By default, rules appear on the Memory Rules page in their rank order, but you can sort the table by other columns.

If a memory-related action matches a rule’s definition, that rule is evaluated. Rule processing continues down the rank order to see whether any other rules match the current memory-related action. If there is another match, what happens next depends on the Permissions setting for the rules:

  • If the action matches two rules, but these rules have different permissions settings – for example, one is applied to Read Access and the other is applied to Write Access – both rules are evaluated. In this case, if there is a third matching rule that is applied to Control Process, that rule is also evaluated.
  • If the action matches two (or more) rules and all have the same permissions settings – for example, both are applied to Write Access – only the first rule is evaluated. There is one exception to this behavior – a rule whose action is Report does not stop processing of lower ranked rules with the same permissions setting.

You can change the ranking of rules if you decide that you want one of your rules to be considered before its current rank position.

Important: There are two built-in rules named Tamper Protection, ranked 1 and 2 by default,that help protect the server. Do not rank other rules higher than these unless instructed to do so by Carbon Black Support.

Procedure

  1. Make sure the Rank column displays on the Memory Rules page.
  2. Optional. Sort the table by rank and remove any filters if you want to be certain you can see the rules ranked immediately before and after the rule you are moving.
  3. To change the rank of a rule, do one of the following.
    • In any table that displays the Rank column, you can click on the rank number and enter a new rank number in the dialog box.
    • If the table is sorted by rank and not filtered, arrows appear next to the rank, and you can click the up or down arrow button next the to rule to change its rank.
    • If the table is sorted by rank and not filtered, you can hold down the left mouse button with the cursor over the rule and drag the rule to a new location.

    The Memory rule table sorted by rank and not filtered.

    Note: When using drag-and-drop, your target location must be visible in the current view (including rows you can scroll to but not rows that have not been loaded). If you need to move a rule to a ranking not currently shown, you can use the Click to Show More bar at the bottom of the rules table to add rows to the current view. You also can use the dialog box described in the next procedure.