Memory Rules let you protect a process from being accessed or altered by other processes or users.
- Block read, write, or execution access to a matching process.
- Report on access.
- Prompt the user on the agent system to deny or allow access.
If in-memory malicious attack occurs on a system protected by the Carbon Black App Control Agent, a properly configured memory rule can prevent that attack from spreading to other processes, or accessing information in other processes. Memory rules limit the vulnerability of a protected computer. They can also protect specific applications or processes from termination, or other manipulation by users or malicious code.
You can view a list of memory-rule-related events, including blocked actions caused by memory rules. Navigate to the Memory from the Saved Views drop-down menu.page and select
Check the description field for any rule before you consider modifying it.
You can set the memory rules as centrally managed for multiple servers through the Unified Management feature. For details, see Unified Management of Multiple Servers.
You can also export memory rules from one server and import them to another. To perform these action, navigate to the Exporting and Importing Rules.tab. For details, see