What data does Carbon Black use to determine the Reputation of Malicious?

The Carbon Black File Reputation Service uses data from a combination of distribution partners, web crawlers, honeypots, and the Carbon Black user community. For files currently in the database; Carbon Black File Reputation data provides contextual information such as who published the file and what product (if any) it is associated with. It also screens software using multiple anti-malware tools, and cross-references it against third-party vulnerability databases. The Event for "Malicious file detected" indicates that a data source flagged the file as potentially malicious.

To report a False Positive or False Negative please follow the instructions outlined here.