Carbon Black Cloud allows for process-based exclusions in each Core Prevention category. In the case of a false positive, you can add process-based exclusions instead of disabling an entire Core Prevention category.
You can add an exclusion for either the parent process or the primary process, thus providing more options to exclude a particular use case.
For information and recommendations about using Core Prevention Policy Exclusions or Permissions, see Comparing Permissions to Exclusions.
Wildcard Guidelines and Examples
When you add a path to the path, commandline, or certificate fields, you can use wildcards to specify files or directories.
Wildcard | Description | Example |
---|---|---|
* | Matches 0 or more consecutive characters up to a single subdirectory level. | C:\program files*\custom application\*.exe approves any executable files in C:\program files\custom application\ and C:\program files(x86)\custom application\ |
** | Matches a partial path across all subdirectory levels and is recursive. | C:\Python27\Lib\site-packages\** approves any files in that directory and all subdirectories. |
? | Matches 0 or 1 character in that position. | C:\Program Files\Microsoft Visual Studio 1?.0\** approves any files in MS Visual Studio version 1 or versions 10-19. |
Syntax Guidelines and Examples
Command lines can include leading or trailing whitespace, but the number and location of the whitespace characters must match exactly to correctly identify the process.
Paths cannot end with a period or whitespace, and Windows environment variables like %System% are not allowed.
The following path entries are accepted:
Type | Example |
---|---|
NT device paths | \\?\globalroot\device\harddiskvolume1\example.exe |
Volume GUID names | \\?\Volume{34b06610-97bc-4d11-b040-tc8a7bff1f41}\ |
Paths without pathname separators (backslash) or extensions | system, registry |
Paths starting with system-wide DOS drive letters | c:\test.exe, d:\example.exe |
Alternate Data Stream (ADS) names | c:\example.exe:test.txt |
UNC device paths | \\server\share\directory\file.exe |
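
The wildcard and path syntax rules above can be modeled in a short script to check how much an exclusion pattern covers before it goes into a policy. This is an added example, not Carbon Black code and not the product's matcher; case-insensitive matching, `?` not crossing a backslash, the function names, and the sample paths are assumptions made for illustration.

```python
import re

def validate_path(pattern):
    """Return violations of the syntax guidelines (empty list means OK)."""
    problems = []
    if pattern[-1:].isspace() or pattern.endswith("."):
        problems.append("ends with a period or whitespace")
    if re.search(r"%[^%\\]+%", pattern):
        problems.append("contains a Windows environment variable")
    return problems

def to_regex(pattern):
    """Translate the documented wildcards into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):   # any depth, recursive
            out.append(".*")
            i += 2
        elif pattern[i] == "*":           # 0+ chars, one directory level
            out.append(r"[^\\]*")
            i += 1
        elif pattern[i] == "?":           # 0 or 1 char in that position
            out.append(r"[^\\]?")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    # Assumption: matching is case-insensitive, as Windows paths are.
    return re.compile("".join(out), re.IGNORECASE)

def covered(pattern, paths):
    """Return the paths that the exclusion pattern would cover."""
    rx = to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

# Constructed sample paths, not taken from any real endpoint.
SAMPLE_PATHS = [
    r"C:\Program Files\custom application\app.exe",
    r"C:\program files(x86)\custom application\app.exe",
    r"C:\program files\custom application\plugins\helper.exe",
    r"C:\Python27\Lib\site-packages\pkg\sub\mod.py",
    r"C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe",
    r"C:\Program Files\Microsoft Visual Studio 2.0\devenv.exe",
]

if __name__ == "__main__":
    for pat in (r"C:\program files*\custom application\*.exe",
                r"C:\Python27\Lib\site-packages\**",
                r"C:\Program Files\Microsoft Visual Studio 1?.0\**"):
        print(pat, validate_path(pat), covered(pat, SAMPLE_PATHS), sep="\n  ")
```

Running a file inventory from a representative endpoint through `covered` shows whether a `**` exclusion reaches further than the use case needs, in which case a single-level `*` or a specific file name is the narrower choice.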