Carbon Black App Control collects many different kinds of information about the devices it detects on your computers. You can use this information to make decisions about how you want to treat file activities on devices.

By default, all devices are in an unapproved state (neither approved nor banned). You can explicitly approve or ban specific removable devices, either by model or by serial number. Files not blocked by other rules are always allowed to execute and be written on approved devices. Treatment of unapproved and banned files varies depending upon the Device Control Settings for each policy.


Banned devices do not block in policies that are set to Visibility mode, but you can choose Report Only for the Device Settings to generate events for device-related activity that would have blocked in Control mode.

Similarly, device-specific bans and approvals do not block or allow access in policies that do not have Device Settings set to Active.