If you do not want a script rule to be effective anymore, you can either disable it, which leaves it in the table of Script rules, or delete it from the table. In either case, the script rule stops affecting newly discovered files. However, any script file that was discovered while the rule was effective continues to be tracked by Carbon Black App Control and retains any file state assigned to it during the time the rule was enabled.
Disabling a script definition does not immediately remove the matching files from the inventory of files tracked by App Control. This prevents loss of information if an action such as a rule change is taken accidentally. However, the exact amount of time a script file matching a disabled rule remains in inventory depends factors such as whether it is actually deleted from the agent or modified.
If a disabled definition is subsequently enabled with rescan enabled, only newly discovered scripts will be locally approved. Scripts that remained in the inventory will retain their previous state.
If you think you might use a rule again, disabling it temporarily is the best choice.
To disable a Script rule, select the View Details icon next to the rule and click the Disabled radio button on the Status field.
Deleting a rule eliminates it permanently – there is no undo or retrieval for a deleted rule. Because of that, be sure you actually want to delete the rule. Deletion of the rules that were pre-configured in Carbon Black App Control is not recommended.
To delete a Script rule, select the Delete icon next to the rule in the Script rules table.