Core Prevention Exclusions Release

Posted on September 14, 2023

Core Prevention Exclusions marks a major milestone in our ongoing mission to give you greater control over your security policies. It’s designed to address a common challenge faced by security professionals - false positives. In the past, if a legitimate process triggered a Core Prevention rule, your only recourse was to disable the entire category, potentially leaving your systems vulnerable. However, with Core Prevention Exclusions, those days are behind us.

Fine-Tune with Precision

One of the most exciting aspects of Core Prevention Exclusions is the ability to create granular, process-based exclusions within each category. This means you can now allow essential business processes to run, even in the event of a false positive block. By doing so, you maintain the integrity of your security while ensuring that your critical workflows remain uninterrupted.

Unprecedented Customization

For the first time, our customers have the power to create process exclusions based on a variety of attributes related to either the primary or parent process. This level of customization enables you to:

Specify Process Path: Exclude processes based on their file path, ensuring that applications in specific directories are never blocked.
Command Line Control: Create exclusions based on command lines, allowing you to safeguard scripts and activities that leverage specific command-line arguments.
Hash-Based Exclusions: If you have processes with known, legitimate hashes, you can exclude them from Core Prevention rules.
Certificate Trust: Exclude processes with trusted digital certificates, enhancing your control over security exceptions.

Resources

API Documentation
Carbon Black Postman Workspace
Carbon Black Cloud Python SDK
Carbon Policy Replicator - GUI tool to replicate Policies and rules to an unlimited number of Organizations across different Environments
Carbon Black Cloud User Guide - Enforce - Managing Policies