The following table describes File Rule parameters.
| Field | Description |
|---|---|
| | Text description of the files to be approved or banned. This can be a file name or other identifying information to help you manage the rule (the rule is created even if you do not enter a name). This is a name for the rule only. Entering a file name here does not create a filename-based rule. |
| | Choices are Approval, Ban, and Ban (Report Only). |
| (Read Only) | The source type of the most recent modification of the rule. This can indicate how it was created or a later change. The possible values are: Manual (all manual or from Action menu commands), Trusted Directory, Reputation, Imported (from an uploaded list of files), External (API), Event Rule, Rapid Configs, Unified Management, and Unknown. Appears after the rule is created. |
| (Read Only) | The name or additional description for the source of the most recent modification of the rule. This will either be Carbon Black Installation, Trusted Directory (Deleted), or a rule name. Manual, Imported, and Unified Management rules do not have a Source Name. |
| | To ban a file, you must know the name of the file or its hash (data signature). If you select Name, you can enter a path so that the rule only applies to a file in a particular location. Approvals are always by hash, so the |
| | Displays only for bans, and only if you chose File Name as Type. Name of the file and its extension. For example, msblast.exe. Specify a directory path if you want to ban only matching files in a particular location. If you use a path, files with the same name that appear in any other directory are not subject to the name ban. If you enter a path, be sure to use the correct directory delimiters, and to use only characters and formats legal for paths in the chosen platform. The Carbon Black App Control Server does not convert paths between platforms. Linux file names are usually case sensitive. |
| | Displays only for bans, and only if you chose File Name as Type. Platform for which this rule is effective (macOS, Linux, or Windows). Name bans must be platform-specific. |
| | Hash algorithm used to create the hash to approve or ban. If you paste a value, the choices are MD5, SHA-1, and SHA-256. Rules created from a file table or details page use SHA-256, if available. |
| | Hash (data signature) for the file. Hashes not yet seen by this Carbon Black App Control Server can be used in rules. To locate hashes for files already found on your computers, you can use the File Catalog or Find Files pages. |
| | Optional text to further describe the file approval or ban. This information is displayed in the File Rules table in the Description column (if visible). |
| | Policies for which the approval is enforced: |
| (Read Only) | Shows when and by whom the rule was created and last changed. Also shows the CL version (that is, the version of Carbon Black App Control rules) in which the current version of the rule is present, which can be used to determine whether the rule is present on an agent. |
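
The hash and file-name constraints in the table can be checked before a value is pasted into a rule. The following is an added example, not part of the product or its documentation, and it calls no Carbon Black API: the function names are hypothetical, and the delimiter checks assume the conventional separator for each platform (`\` on Windows, `/` on macOS and Linux).

```python
import hashlib
import re

# Hex digest lengths of the three hash types the table lists.
HASH_HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}
PLATFORMS = ("Windows", "macOS", "Linux")


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_hash(hash_type, value):
    """Return the normalized hash, or raise ValueError on a type/length mismatch."""
    if hash_type not in HASH_HEX_LEN:
        raise ValueError(f"unsupported hash type: {hash_type!r}")
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", value):
        raise ValueError("hash is not hexadecimal")
    if len(value) != HASH_HEX_LEN[hash_type]:
        raise ValueError(
            f"{hash_type} needs {HASH_HEX_LEN[hash_type]} hex chars, got {len(value)}")
    return value


def check_name_ban(platform, name):
    """Return warnings for a file-name ban entry (empty list means none found)."""
    if platform not in PLATFORMS:
        raise ValueError(f"name bans must target one of {PLATFORMS}")
    warnings = []
    if platform == "Windows" and "/" in name:
        warnings.append("'/' used in a Windows path; expected '\\'")
    if platform != "Windows" and "\\" in name:
        warnings.append(f"'\\' used in a {platform} path; expected '/'")
    if platform != "Windows" and re.match(r"[A-Za-z]:", name):
        warnings.append("drive letter in a non-Windows path")
    if platform == "Linux" and name != name.lower():
        warnings.append("Linux names are usually case sensitive; confirm exact case")
    return warnings
```

A mismatch between the selected hash type and the pasted value's length is the most common reason a hash rule never matches any file, so it is worth catching before the rule is saved.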