Environment
- App Control Console: All Supported Versions
Question
What triggers the “Malicious File Detected” Event?
Answer
The "Malicious File Detected" Events occurs in two scenarios:
- Following a "New File on Network" Event for a file that is already assigned a Malicious reputation.
- When the Carbon Black Reputation (or another integrated service) has updated the file's reputation to Malicious.
Additional Notes
- The "Alert Triggered" Events only occur once per "Malicious File Detected" Alert. If the Alert is not reset between Events, there will only be one "Alert Triggered" Event.
- Connector settings can be found in the Console > System Configuration (gear icon) > Connectors.
- More information on what determines the Carbon Black File Reputation of Malicious can be found here.
- To report a False Positive or False Negative please follow the instructions outlined here.
Related Content