Skip to content Skip to site navigation

Cb Protection Enforcement Modes

Cb Protection provides five enforcement levels, which are described below:

 

Terminology:

  • Approval: A file is whitelisted, or trusted. Files can be approved locally, across one or more policies, or globally for all policies.
  • Interesting: The group of files Cb Protection is monitoring, defined by file type. For example:  .exe, .sys, .dll, .ps1
  • Initialization: A process in which the agent goes through the file system and locally approves all files currently on the system.

Disabled mode

  • The agent is in Disabled mode when first installed.
  • The agent communicates with the Cb Protection Server, but does not monitor the file system or file activity, or block file execution.
  • Cb Protection must be in Disabled mode to be uninstalled.

Visibility mode

  • The agent performs an Initialization of the file system.
  • The agent monitors the file system for changes and Interesting file executions.
  • No blocking actions are taken.
  • The agent reports on file system activity, and what action would be taken if the Cb Protection agent were at a higher enforcement level.

Low enforcement mode

  • The agent monitors the file system for changes and for Interesting file executions.
  • The agent blocks blacklisted Interesting files from executing.
  • The agent reports on activity, and what action would be taken if Cb Protection were at a higher enforcement level.

Medium enforcement mode

  • The agent monitors the file system for changes and for Interesting file executions.
  • The agent blocks all unapproved Interesting files from executing.
  • In the event of an execution block, a pop-up window asks the user whether they want to approve the unapproved file locally and allow it to execute.

High enforcement mode

  • The agent monitors the file system for change and for Interesting file executions.
  • The agent blocks all unapproved Interesting files from executing.
  • A pop-up window tells the user that the file was blocked by Cb Protection, and that the user can request that the Cb Protection administrators approve the file.

 

See Cb Protection Frequently Asked Questions for more information, or submit a Help ticket.

 

Last modified April 26, 2017