The Carbon Black App Control console allows you to assign notifiers on the Edit Policy page and the Add/Edit rule page.

  • On the Edit Policy page, for each policy setting
  • On the Add Rule or Edit Rule page for custom, registry, and memory rules; a rule can be configured to use the notifier assigned by a computer’s policy or to use a custom notifier specified in the rule details

Assign Notifiers to Policy Settings

A default, setting-specific notifier is assigned to each policy setting, so notifier configuration is not required. However, you can choose a different notifier for each rule and setting in a policy. This section describes how you assign existing notifiers to settings.

For information about modifying notifiers or creating new ones, see Customizing and Creating Notifiers.

Procedure

  1. On the console menu, choose Rules > Policies.
    The Policies page appears.
  2. Click the View Details button next to the name of the policy whose notifier assignments you want to change.
    The Edit Policy page appears.
  3. To change the notifier for an advanced setting, click the Advanced tab.
  4. For the each setting whose notifier you would like to change, make a new choice from the Notifiers menu.
    You can select <none> to display no notifier when a setting blocks an action. However,consider all conditions for a setting before changing its notifier to <none>.
    For example, if you select <none> for Block unapproved executables, users in Medium Enforcement policies, who must be able to choose whether to block or allow execution of unapproved files, do not have the opportunity to make that decision. The file is blocked without any notice from the agent.
  5. Click the Save button to preserve your advanced settings notifier changes.
  6. Optional. To change device settings notifiers for this policy, click the Device Control Settings tab, and repeat steps 4 and 5.
  7. When you are finished editing the notifiers for this policy, click the Save & Exit button to return to the Policies page.

What to do next

You can select other policies and edit their notifiers as well.

Policy Settings with Notifiers

There are policy settings that have their own separately assigned notifier.

Each of the following policy settings, which appear in the Device Control Settings and Advanced settings lists on the Edit Policy page, has its own separately assigned notifier, except where noted:

Device Control Settings with Notifiers:

  • Block writes to unapproved removable devices
  • Block writes to banned removable devices
  • Report reads from unapproved removable devices (will never display notifier)
  • Report reads from banned removable devices (will never display notifier)
  • Block executions from unapproved removable devices
  • Block executions from banned removable devices

Advanced Settings with Notifiers:

  • Block unanalyzed scripts and executables
  • Block unapproved scripts
  • Block unapproved executables
  • Block banned file names
  • Block banned file hashes
  • Block executables run from a network drive
  • Block files with banned publishers or certificates
  • Enforce memory rules
  • Enforce registry rules
  • Enforce custom (file and path) rules
  • Enforce tamper protection
  • Terminate processes with banned images