Adding to the banned list prohibits the presence and actions of specified applications. Adding to the banned list is "global" in its effects and applies to all policies attached to a particular version of an application.
-
You can apply bans on the Investigate, Alerts, or Process Analysis pages.
- For standalone Carbon Black Cloud Enterprise EDR, this feature is limited to hash banning.
Using wildcards
When adding the path, you can use wildcards to target certain files or directories. Be as specific as possible when approving certs because using wildcards can lead to incidentally approving malicious software that appears to be signed by a trusted certificate authority.
| Wildcard | Description | Example |
|---|---|---|
| * | Matches 0 or more consecutive characters up to a single subdirectory level. | C:\program files*\custom application*.exe Approves any executable files in: C:\program files\custom application\ C:\program files(x86)\custom application\ |
| ** | Matches a partial path across all subdirectory levels and is recursive. | C:\Python27\Lib\site-packages** Approves any files in that directory and all subdirectories. |
| ? | Matches 0 or 1 character in that position. | C:\Program Files\Microsoft Visual Studio 1?.0** Approves any files in the MS Visual Studio version 1 or versions 10-19. |
