All Reporting and Sensor Operations Exclusions are the most comprehensive and severe form of exclusion. It is available to customers who have Carbon Black Cloud Endpoint Standard and Carbon Black Cloud Enterprise EDR.
For the specified criteria, this exclusion type impacts the reporting of relevant Observations and Alerts that are associated with Carbon Black Cloud Endpoint Standard, the reporting of relevant process events and Watchlist hits and alerts that are associated with Carbon Black Cloud Enterprise EDR, and numerous sensor operations that are associated with both products.
Impacted:
- Reporting of the following Observation types for the excluded process criteria:
- Blocked hash
- CB Analytics
- Contextual activity
- Host-based Firewall (if applicable)
- Intrusion Detection System (if applicable)
- Network Traffic Analysis (if applicable)
- TAU intelligence
- Relevant blocks and preventions, including hash bans and Core Preventions
- Reporting of process events, except for child process creation (childproc) events
- Relevant Watchlist detections and the reporting of hits and alerts associated with those detections
Not Impacted:
- Reporting of the Indicator of Attack Observation type for the excluded process criteria
- Reporting of process creations, including child process creation (childproc) events, and terminations
- Sensor tamper detection and protection. Tamper Observations that pertain to the excluded process criteria persist.