The following table describes whether certain features can be configured for Carbon Black EDR sensor groups.
Feature | Windows | Linux | macOS |
---|---|---|---|
Alerts Critical Level | Yes | Yes | Yes |
Banning Settings | Yes | Yes | Yes |
Binaries (Enable/Disable) | Yes | Yes | Yes |
Binary Info (Enable/Disable) | Yes | Yes | Yes |
Binary Module loads (Enable/Disable) | Yes | Yes | Yes |
Child Process events (Enable/Disable) | Yes | Yes | Yes |
Cross Process events (Enable/Disable) | Yes | N/A | N/A |
Retention Maximization (Enable/Disable) | Yes | No | Yes |
EMET events (Enable/Disable) | Yes | N/A | N/A |
File Modifications (Enable/Disable) | Yes | Yes | Yes |
Known DLLs (Dylib/Mac) Filtering (Enable/Disable) | Yes | No | Yes |
Network Connections (Enable/Disable) | Yes | Yes | Yes |
Non-Binary File Writes (Enable/Disable) | Yes | No | No |
Process Information (Enable/Disable) | Yes | Yes | Yes |
Process user context (Enable/Disable) | Yes | Yes | Yes |
Registry modifications (Enable/Disable) | Yes | N/A | N/A |
Sensor Name | Yes | No | No |
Sensor Network Throttling | Yes | No | Yes |
Sensor Upgrade Policy | Yes | Yes | Yes |
Sensor-side Max Disk Usage (%) | Yes | Yes | Yes |
Sensor-side Max Disk Usage (MB) | Yes | Yes | Yes |
Server TLS certificate swapping (choose cert) | Yes | No | Yes |
Server TLS strict certificate validation | Yes | No | Yes |
Tamper Level Settings | Yes | N/A | N/A |
VDI Behavior Enabled | Yes | Yes | Yes |