Predefined Carbon Black Cloud policies are devised as templates for common use cases. You can assign sensors to these policies, change the policy settings, or duplicate the settings to create a new policy. You cannot delete predefined policies.
The default policies establish a baseline level of enforcement for endpoints in your environment. Your policy settings will ultimately dictate what is prevented and allowed on your endpoints.
Policy | Description | Note |
---|---|---|
Standard | Blocks known and suspected malware, and prevents risky operations like memory scraping and code injections. Newly deployed sensors are assigned this policy by default. It is the recommended starting point for new deployments. | Review and refine the Standard policy rules to avoid unnecessary blocks or false positives that are triggered by in-house or custom software applications, which may have reputations that the Carbon Black Cloud does not recognize. |
Monitored | Monitors endpoint application activity and logs events to the Dashboard. With the exception of Malware, this policy has no preventative capabilities. Note: You can disable Malware blocking using the Policy Service API. Set DISABLE_MALWARE_SERVICES to false. | Use the data that this policy provides to evaluate policy rule implementation needs. |
Advanced | Extends the capabilities of the Standard policy. It blocks operations from system utilities, and prevents riskier behaviors that are more likely to be false positives. | Use a phased roll-out approach to implement any new or Advanced policy rules. We recommend assigning Advanced policies to a group of pilot endpoints, and watching for false positives or blocks on legitimate software before rolling them out to more endpoints. |