You can create antivirus (AV) exclusion rules, including those specific to various endpoint platforms.
To run as usual, other AV products require custom rules.
If you use other security products, create the following exclusions for the Carbon Black Cloud sensor:
Linux
| /var/opt/carbonblack/ |
| /opt/carbonblack/ |
macOS
| /Applications/Confer.app/ |
| /Applications/VMware Carbon Black Cloud |
| /Library/Application Support/com.vmware.carbonblack.cloud/ |
| /Library/Extensions/CbDefenseSensor.kext |
Windows Folders
| C:\Program Files\Confer\ |
| C:\ProgramData\CarbonBlack\ |
Windows Files
| C:\Windows\System32\drivers\ctifile.sys | C:\Windows\System32\drivers\ctinet.sys | C:\Windows\System32\drivers\cbelam.sys |
| C:\Windows\system32\drivers\cbdisk.sys | C:\windows\system32\CbAMSI.dll | C:\windows\system32\ctiuser.dll |
| C:\windows\syswow64\CbAMSI.dll |
C:\windows\syswow64\ctiuser.dll | C:\Windows\Syswow64\ctintev.dll |
| C:\Program Files\Confer\BladeRunner.exe | C:\Program Files\Confer\CbNativeMessagingHost.exe | C:\Program Files\Confer\RepCLI.exe |
| C:\Program Files\Confer\RepMgr.exe | C:\Program Files\Confer\RepUtils.exe | C:\Program Files\Confer\RepUx.exe |
| C:\Program Files\Confer\RepWAV.exe | C:\Program Files\Confer\RepWmiUtils.exe | C:\Program Files\Confer\RepWSC.exe |
| C:\Program Files\Confer\Uninstall.exe | C:\Program Files\Confer\VHostComms.exe | C:\Program Files\Confer\Blades\LiveQuery\osqueryi.exe |
| C:\Program Files\Confer\scanner\scanhost.exe | C:\Program Files\Confer\scanner\upd.exe |
Set Antivirus Exclusion Rules
Use this procedure to create AV exclusion rules, including those specific to various endpoint platforms.
Note: Some security vendors may require a trailing asterisk (*) to signify all directory contents.
Procedure
- On the left navigation pane, click .
- Select the policy.
- Click the Prevention tab and expand Permissions.
- Click Add application path.
- Enter the AV's recommended file/folder exclusions from the security vendor.
- Set the operation attempt Performs any API operation to Bypass.
- To apply the changes, click Confirm and then click Save.
