Create permission, blocking, and path denial rules to control what applications and behaviors the Carbon Black Cloud sensor prevents and allows in your environment.
For Standard and Advanced default policies, many settings are activated out-of-the-box.
Important: For standalone
Carbon Black Cloud Enterprise EDR customers, the following policy rule options are limited:
- The option for Runs or is running is selected and cannot be modified.
- The option for Scan execute on network drives is selected and cannot be modified.
Using Wildcards in Paths
When adding a path, you can use wildcards to specify files or directories.
| Wildcard | Description | Example |
|---|---|---|
| * | Matches 0 or more consecutive characters up to a single subdirectory level. | C:\program files*\custom application\*.exe Approves any executable files in: C:\program files\custom application\ C:\program files(x86)\custom application\ |
| ** | Matches a partial path across all subdirectory levels and is recursive. | C:\Python27\Lib\site-packages\** Approves any files in that directory and all subdirectories. |
| ? | Matches 0 or 1 character in that position. | C:\Program Files\Microsoft Visual Studio 1?.0\** Approves any files in the MS Visual Studio version 1 or versions 10-19. |
