logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How to Verify the Process is Marked as an Installer?

App Control: How to Verify the Process is Marked as an Installer?

Environment

  • App Control Console (formerly CB Protection): All Supported Versions

Objective

How to verify the process is marked as an installer in the console?

Resolution

  1. Log into the App Control console
  2. Navigate to Assets > Files 
  3. Look for the file by Hash or by Name, adding the respective filters
  4. Click on View details in file in question
  5. Confirm it is marked as installer

Additional Notes

  • Linux files are not recognized as installers.
  • Mac files recognized as installers are packages – files with .PKG extensions and properly defined archive headers. Because of this, using the Mark as installer feature might be particularly useful for these platforms
  • Files identified as installers do transfer their approval status to files that they generate, if any
  • When troubleshooting unexpected blocks compare the hash of the process in the block event, to the process marked as installer, as there may be different versions of the same file

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-02-2020
Views:
922
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.