You can create antivirus (AV) exclusion rules, including those specific to various endpoint platforms.

To run as usual, other AV products require custom rules.

If you use other security products, create the following exclusions for the Carbon Black Cloud sensor:

Linux

/var/opt/carbonblack/
/opt/carbonblack/

macOS

/Applications/Confer.app/
/Applications/VMware Carbon Black Cloud
/Library/Application Support/com.vmware.carbonblack.cloud/
/Library/Extensions/CbDefenseSensor.kext

Windows Folders

C:\Program Files\Confer\
C:\ProgramData\CarbonBlack\

Windows Files

C:\Windows\System32\drivers\ctifile.sys C:\Windows\System32\drivers\ctinet.sys C:\Windows\System32\drivers\cbelam.sys
C:\Windows\system32\drivers\cbdisk.sys C:\windows\system32\CbAMSI.dll C:\windows\system32\ctiuser.dll

C:\windows\syswow64\CbAMSI.dll

C:\windows\syswow64\ctiuser.dll C:\Windows\Syswow64\ctintev.dll
C:\Program Files\Confer\BladeRunner.exe C:\Program Files\Confer\CbNativeMessagingHost.exe C:\Program Files\Confer\RepCLI.exe
C:\Program Files\Confer\RepMgr.exe C:\Program Files\Confer\RepUtils.exe C:\Program Files\Confer\RepUx.exe
C:\Program Files\Confer\RepWAV.exe C:\Program Files\Confer\RepWmiUtils.exe C:\Program Files\Confer\RepWSC.exe
C:\Program Files\Confer\Uninstall.exe C:\Program Files\Confer\VHostComms.exe C:\Program Files\Confer\Blades\LiveQuery\osqueryi.exe
C:\Program Files\Confer\scanner\scanhost.exe C:\Program Files\Confer\scanner\upd.exe

Set Antivirus Exclusion Rules

Use this procedure to create AV exclusion rules, including those specific to various endpoint platforms.

Note: Some security vendors may require a trailing asterisk (*) to signify all directory contents.

Procedure

  1. On the left navigation pane, click Enforce > Policies.
  2. Select the policy.
  3. Click the Prevention tab and expand Permissions.
  4. Click Add application path.
  5. Enter the AV's recommended file/folder exclusions from the security vendor.
  6. Set the operation attempt Performs any API operation to Bypass.
  7. To apply the changes, click Confirm and then click Save.