CarbonBlack Protection: How to Use Timed Policy Overrides on a Windows PC

Using Timed Policy Overrides

You might need to install new applications on a selected computer that is under High Enforcement Level protection. You can do this by temporarily giving the computer permission to execute any files that are not banned, by placing it in Local Approval.

When a computer is disconnected from the network, it cannot be controlled directly from the Cb Protection Server. To put such a computer in Local Approval mode, you can generate a special code that can be entered on an agent-managed computer to switch its Enforcement Level for a specified amount of time. The code is specific to one agent, and it can be used only once.

While especially convenient for disconnected computers, a timed policy override may also be used for a connected computer. The override procedure disconnects the agent during the override.

Note: Use of timed overrides is not recommended for Windows computers that are currently connected to the Cb Protection Server.

To generate a code to place a computer in temporary local approval mode:

1. On the console menu, choose Assets > Computers.

2. Choose the desired computer from the list of computers and click on it. The Computer Details page for that system appears.

3. Click the Policy Override tab in the panel at the bottom of the page.

4. In the Temporary Policy Override Code panel, leave the default choice for Temporary Enforcement, which is Local Approval.

5. In the Enforcement Level Active For box, enter the number of minutes (up to 500) you want the Enforcement Level change to last.

6. In the Key Valid For box, enter the length of time you want the override code to be valid. Your choice for this field should take into account how long it will take to get the key to the computer user who needs it and how quickly they will be able to enter it.

7. When you have entered all parameters, click the Generate Code button. A code with nine sets of letters separated by dashes appears in the box next to the button.

8. Copy and save the code from the box (and note the computer name) so that you can deliver it to the person who will be installing new software on the offline computer. The code is not saved on the Computer Details page, so you must record it.

The procedure for applying the override code on a Windows computer

On Windows computers, disconnecting the agent from Cb Protection Server is strongly recommended before initiating an override.

To use a Timed Policy Override code on a Windows computer:

1. On the offline computer, locate and run the program TimedOverride.exe, which is in the Cb Protection Agent installation directory. An authorization dialog box appears.

Note: In Windows 7 you can find it under "C:\Program Files (x86)\Bit9\Parity Agent\TimedOverride.exe"

2. Enter the override code for this agent into the dialog box and click OK.

- If the code entered is invalid or expired, or if TimedOverride.exe is unable to communicate with the Cb Protection Agent for any reason, an error message will be displayed. After three invalid attempts, the program automatically closes.

- If a valid code is entered and the Enforcement Level transition is successful, no message is displayed but the dialog box closes.

3. If there was no error and the dialog box is no longer displayed, you can begin installing the new software needed on this machine (assuming your override code was for Local Approval). The Enforcement Level will return to its original setting after the time period configured when the code was generated.
