Adding a specific application to your company approved list can eliminate unwanted alerts or lower the relative threat level for such alerts.

Approve IT tools to assign an initial elevated trust to code that is dropped by known IT tools.
Note: This feature is not available for customers with standalone Carbon Black Cloud Enterprise EDR.

The following procedure uses the Reputation page; however, you can also add to the approved list on the Investigate, Process Analysis, and Alerts pages.

Prerequisites

Learn more About adding to approved list, when to use it, and how it differs from permission rules.

Procedure

  1. Click Enforce > Reputation.
  2. Click Add and select IT Tools as the type.
  3. Add the path of the IT tool that drops code, receives initial trust, and is allowed.
    \Trusted_Installer.exe
  4. Optional: Select Include all child processes.
    Important: If selected, files dropped by child processes of the IT tool that is defined in the Path field also receive the initial trust. This is useful when IT tools create a child process to delegate work to, and the child process represents a generic executable, such as a copy command.
  5. Enter Comments and click Add.

Results

Important: Applications added to the approved list are assigned the LOCAL_WHITE reputation and are not stalled for static analysis or cloud reputation as they are executed.