Use permission rules to allow and log behavior, or to have the Carbon Black Cloud bypass a path entirely. Create permissions rules to set up exclusions for other AV/security products or to remove impediments for software developers' workstations.

Operating system environment variables can be used as part of a policy rule in a path. For example: %WINDIR%.

For information and recommendations about using Exclusions or Permissions, see Comparing Permissions to Exclusions.

Procedure

  1. On the left navigation pane, click Enforce > Policies.
  2. Select a policy.
  3. Click the Prevention tab and expand Permissions.
  4. Click Add application path, or click the pencil icon next to an existing rule to edit it.
  5. Type the application path in the text box.
    When adding a path, you can use wildcards to specify files or directories. For an explanation of how wildcards work in policy paths, see Prevention Policy Settings. You can add multiple paths on separate lines. You can delete a rule by clicking the trash can icon.
  6. Select the desired Operation Attempt and Action attributes.
    Figure 1. Permissions Rule Attributes
    The Permissions Rule Attributes
  7. We recommend that you test a new rule's settings before you apply it in your environment. Click Test rule for any setting. The system checks to see how the rule would have affected your organization over the last 30 days. You can use this data to confirm or modify your settings.
  8. To apply the changes, select Confirm and click Save.