Use this procedure to create AV exclusion rules, including those specific to various endpoint platforms.

To run as usual, other AV products require custom rules .

  1. On the Policies page, select the Prevention tab and open Permissions.
  2. Select the policy to update and click Add application path.
  3. Enter the AV's recommended file/folder exclusions from the security vendor.
  4. Set the operation attempt Performs any operation to Bypass.
  5. Click Confirm, then Save.

If you use other security products, create the following exclusions for the Carbon Black Cloud sensor:

Windows folders:

  • C:\Program Files\Confer\
  • C:\ProgramData\CarbonBlack\

Windows files:

  • C:\Windows\System32\drivers\ctifile.sys
  • C:\Windows\System32\drivers\ctinet.sys
  • C:\Windows\System32\drivers\cbelam.sys
  • C:\Windows\system32\drivers\cbdisk.sys
  • C:\Windows\Syswow64\ctintev.dll
  • C:\Program Files\Confer\BladeRunner.exe
  • C:\Program Files\Confer\CbNativeMessagingHost.exe
  • C:\Program Files\Confer\RepCLI.exe
  • C:\Program Files\Confer\RepMgr.exe
  • C:\Program Files\Confer\RepUtils.exe
  • C:\Program Files\Confer\RepUx.exe
  • C:\Program Files\Confer\RepWAV.exe
  • C:\Program Files\Confer\RepWmiUtils.exe
  • C:\Program Files\Confer\RepWSC.exe
  • C:\Program Files\Confer\Uninstall.exe
  • C:\Program Files\Confer\VHostComms.exe
  • C:\Program Files\Confer\Blades\LiveQuery\osqueryi.exe
  • C:\Program Files\Confer\scanner\scanhost.exe
  • C:\Program Files\Confer\scanner\upd.exe


  • /Applications/
  • /Applications/VMware Carbon Black Cloud
  • /Library/Application Support/
  • /Library/Extensions/CbDefenseSensor.kext


  • /var/opt/carbonblack/
  • /opt/carbonblack/
Note: Some security vendors may require a trailing asterisk (*) to signify all directory contents.