Use permission rules to allow and log behavior, or to have the Carbon Black Cloud bypass a path entirely. Create permissions rules to set up exclusions for other AV/security products or to remove impediments for software developers' workstations.
Operating system environment variables can be used as part of a policy rule in a path. For example: %WINDIR%.
On the left navigation pane, click Enforce > Policies.
Select a policy.
Click the Prevention tab and expand Permissions.
Click Add application path, or click the pencil icon next to an existing rule to edit it.
Type the application path in the text box.
When adding a path, you can use wildcards to specify files or directories. For an explanation of how wildcards work in policy paths, see
Prevention Policy Settings. You can add multiple paths on separate lines. You can delete a rule by clicking the
trash can icon.
Select the desired Operation Attempt and Action attributes.
Figure 1. Permissions Rule Attributes
We recommend that you test a new rule's settings before you apply it in your environment. Click Test rule for any setting. The system checks to see how the rule would have affected your organization over the last 30 days. You can use this data to confirm or modify your settings.
To apply the changes, select Confirm and click Save.
