The Carbon Black App Control Server can ban files or processes reported as part of a malware notification by external network security devices.
This can be done in several ways:
- Manual file bans of files reported in external notifications
- Registry Rules that ban certain processes that attempt access to registry keys, as reported in external notifications
- Custom Rules that ban activity in a directory reported in external notifications
- Event Rules that automatically ban files (or create report-only bans) when certain file-related events occur, in this case events caused by external notifications
Registry, Custom, and Event rules can also be configured to report the actions they describe rather than banning them.