Policy settings define the way you want Carbon Black App Control to manage a particular group of computers.
There are three main categories of settings:
- Basic Policy Definitions – These include the policy name and other descriptive information, whether computers in this policy allow agent upgrades, whether live file inventory is activated for these computers, and the basic security level (the Mode and Enforcement Level) for the policy. Modes and Enforcement Levels are described in more detail below.
- Device Settings – Device settings control the way a Carbon Black App Control policy treats removable devices. You can make different rules to control read, write, and execute operations on devices, and you can specify that approved and banned devices are treated differently than devices that have not been classified.
- Advanced Settings – Advanced policy settings primarily control whether computers in a policy have certain file types blocked. The possible values are Active, Off, and Report Only.
In addition to these, most of the other rules in Carbon Black App Control can be limited to certain policies if you choose, or can be made to apply to computers in all policies.
See Creating and Configuring Policies for full details on policy settings.