This topic describes how to enable the reputation approvals feature for your Carbon Black App Control Server.
You can add file and publisher exceptions after you enable reputation approvals for the Carbon Black App Control Server; however, the publisher exceptions do not reverse any local approvals that have already occurred due to publisher reputation.
Prerequisites
- Consider exceptions for files and publishers that you do not want approved by reputation. These exceptions should be created before you enable the feature. See Creating Exceptions for Files and Publishers.
- Consider whether you want reputation approvals to be available for all of your agent-managed computers or only those in certain policies. This choice is covered in the following procedure.
- Carbon Black File Reputation must be activated before you can enable Reputation Approvals. Follow the instructions in Activating Carbon Black File Reputation to activate Carbon Black File Reputation.
Procedure
- In the console menu, click Rules > Software Rules.
- On the Software Rules page, click the Reputation tab.
Note: If no
Reputation tab appears on the Software Rules page,
Carbon Black File Reputation is not activated.
- Select the check box labeled Enable reputation approvals to open the fields on the page for editing.
- To enable file approval by reputation, select the check box next to Approve applications with a trust greater or equal to and then select a trust level from the menu. File trust choices range from 1 (very low trust) to 10 (highest trust). See Setting the Trust Level for Approvals for recommendations.
- To enable publisher approval by reputation, select the check box next to Approve publishers with trust greater or equal to and then select a publisher trust level. Publisher trust has three values: Low, Medium and High.
- Select the policies for which you want to enable reputation approvals:
- To enable the rules for all policies, click the All policies radio button.
- To enable the rules only for some policies, click the Selected policies radio button and then select the check box next to each policy to be affected by these rules.
Tip: You also can enable or disable reputation approvals for a policy on its Edit Policy page.
- When you have finished configuring reputation approvals, click the Save button at the bottom of the page and click OK in the confirmation dialog box.
Results
Reputation approvals are activated.
Note: Enabling file reputation approvals can require that very large numbers of file states are re-evaluated. You will not necessarily see changes in file state immediately in the console, but the server continues to process these changes in the background until all are up-to-date with the new approval rules. Full processing of the approvals can take several minutes.