The Default policy is for computers that report to the Carbon Black App Control Server but cannot be associated with any other policy.
Causes for this include:
- AD mapping is enabled, the default AD mapping rule (the last rule on the list) maps computers to the Default Policy, and an agent does not match any other rule.
- An old installer associated with a deleted policy might be used for the initial Carbon Black App Control Agent installation on a computer.
- The last agent in a policy disconnects from the Carbon Black App Control Server and is then deleted from the Computers table on the console; because the policy now has no computers, a console operator decides to delete it. The agent later reconnects to the App Control Server.
In any of these cases, the computer is automatically moved into the Default Policy. Carbon Black recommends that you set the Enforcement Level for the Default policy to the appropriate protection level for your site. If you set the Default Policy to Visibility Mode, which tracks but does not block file executions, any computers that appear in the Default Policy should be moved as soon as possible to a policy with the settings and Enforcement Level protection you want.
- If you do not have any full Suite licenses (Visibility and Control), your only Enforcement Level choices for the Default policy are Visibility and Disabled.
- Because the Default Policy is reserved by the system, you cannot delete it.
The procedure for restoring computers from the Default policy is essentially the same as that for moving computers to another policy, with additional filtering instructions.
Move a Computer in the Default Policy to Another Policy
Use this procedure to move a computer in the Default policy to another policy.
- In the console menu, choose Assets > Computers. The Computers Page appears.
- If it is not the current choice, choose (none) as the Saved View.
- Click the Show Filters link, and on the Add filter menu, choose Policy.
- In the Policy filter, choose "is" as the operator, choose Default Policy from the right menu, and click the Apply button to apply your filter. All computers in the Default policy appear.
- From the Computers table, check the check box(es) for the computer(s) to be moved. You can check multiple computers if you want to move them from the Default policy to the same non-Default policy.
- On the Action menu, select the policy to which the checked computers are to be moved. If you are using AD-based policy assignment and you are certain this computer matches one of your mapping rules, choose Move to Automatic Policy.
- In the confirmation dialog box, click OK to reassign the selected computer to the new policy. This temporarily disconnects the App Control Server from the agents of any computers checked and causes them to reconnect. When reconnected, the computers are associated with the policy you moved them to.