CB Defense: How Are Reputations Assigned for Pre-Existing Files?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Question

How are reputations assigned for Pre-Existing Files?

Answer

No Execute

  1. By default, all pre-existing files are assigned a reputation of LOCAL_WHITE with an initial trust, so the file is allowed to run when it executes
  2. If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the Predictive Security Cloud (PSC)
  3. Background Scan does not apply to new files or to files that exist on network drives

Pre-Execute

  1. By default, all pre-existing files are assigned a reputation of LOCAL_WHITE with an initial trust, so the file is allowed to run when it executes
  2. If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the PSC
  3. Background Scan does not apply to new files or to files that exist on network drives
  4. When the Local Scanner’s On-Access File Scan Mode is set to Normal, the Local Scanner scans only new files, the first time that they execute. When the On-Access File Scan Mode is set to Aggressive, the Local Scanner scans all files, including pre-existing files, on execute
  5. If the Local Scanner obtains a more definite reputation than the reputation obtained by Background Scan, the reputation is upgraded

Additional Notes

  • Pre-Existing Files: Files that existed on the device prior to the sensor being installed
  • New Files: Files that are created or downloaded on the device after the sensor is installed
  • Network Files: Files that exist on network drives
  • No Execute: Pre-existing files which never executed or new files that were dropped or created on the hard disk but never executed
  • Pre-Execute: The first time that a file attempts to execute
  • Post-Execute: Files which are already running or which have run before
  • Definite Reputation: Anything other than NOT_LISTED or UNKNOWN
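
The Pre-Execute rules above can be modelled as a small decision function, which makes it easy to see which policy settings leave a pre-existing file on its default LOCAL_WHITE trust with nothing having evaluated it. This is an added example, not code from the sensor or the vendor: the `Policy` class and all function names are hypothetical, and because the article does not define what makes one reputation "more definite" than another, step 5 is simplified so that the Local Scanner result applies only when Background Scan returned no definite reputation.

```python
from dataclasses import dataclass
from itertools import product

DEFAULT_REPUTATION = "LOCAL_WHITE"        # initial trust for pre-existing files
INDEFINITE = {"NOT_LISTED", "UNKNOWN"}    # per the article, anything else is definite


def is_definite(rep):
    return rep is not None and rep not in INDEFINITE


@dataclass(frozen=True)
class Policy:                             # hypothetical container, not a sensor API
    background_scan: bool
    on_access_mode: str                   # "Normal" or "Aggressive"


def sources_for(policy, on_network_drive):
    """Which checks can evaluate a pre-existing file by its first execution."""
    sources = []
    if policy.background_scan and not on_network_drive:
        sources.append("background_scan")         # steps 2 and 3
    if policy.on_access_mode == "Aggressive":
        sources.append("local_scanner")           # step 4
    return sources


def pre_execute_reputation(policy, on_network_drive, cloud_rep=None, local_rep=None):
    """Return (reputation, source) for a pre-existing file at first execution."""
    rep, source = DEFAULT_REPUTATION, "default"   # step 1
    active = sources_for(policy, on_network_drive)
    if "background_scan" in active and is_definite(cloud_rep):
        rep, source = cloud_rep, "background_scan"
    # Step 5, simplified (assumption): the article gives no ordering for "more
    # definite", so the scanner result applies only if the cloud gave none.
    if "local_scanner" in active and source == "default" and is_definite(local_rep):
        rep, source = local_rep, "local_scanner"
    return rep, source


def coverage_gaps():
    """Settings under which a pre-existing file keeps its default unchecked."""
    combos = product([False, True], ["Normal", "Aggressive"], [False, True])
    return [(bg, mode, net) for bg, mode, net in combos
            if not sources_for(Policy(bg, mode), net)]
```

`coverage_gaps()` returns tuples of (Background Scan enabled, On-Access File Scan Mode, file on network drive); each one is a configuration worth reviewing when pre-existing files on an endpoint have not been vetted by other means.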

Article Information
Creation Date: 07-31-2018