Core Prevention Exclusions allow Carbon Black Cloud Endpoint Standard customers to enforce process-based exclusions to a Core Prevention to tune its prevention efficacy; for example, to minimize its false positives and unwanted preventions.

Unlike Permissions, which apply broadly to multiple forms of Carbon Black Cloud Endpoint Standard preventions (including Core Preventions*), Core Prevention Exclusions apply only to the respective Core Prevention to which they are added.

Note: *A Permissions Performs any operation - Bypass applies to all Core Preventions on Windows sensors 3.9.1+. It applies to only some Core Preventions on Windows sensors < 3.9.1.

Core prevention start screen

Permissions only allow you to specify the process by its file path. However, Core Prevention Exclusions allow you to specify the excluded process by defining the Certificate, CMD, Path, and/or SHA-256 attributes of the process and/or its parent process.

Add exclusion window showing attributes

See Core Prevention Policy Exclusions.

Recommendation: Core Prevention Exclusions are intended to minimize false positives and maximize the efficacy of each Core Prevention. Use Core Prevention Exclusions to enforce exclusions to a specific Core Prevention; use Permissions to enforce broader exclusions that apply to all preventions.

If you are a Carbon Black Cloud Endpoint Standard customer who has implemented a Permission to tune a Core Prevention, replace the Permission with a more targeted Core Prevention Exclusion to minimize the loss of visibility and security efficacy.