Knowledge Base

Yes

Environment

How are reputations assigned for Pre-Existing Files?

No Execute

By default, all pre-existing files will be assigned a reputation of LOCAL_WHITE with an initial trust so that the file will be allowed to run upon execute
If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the Predictive Security Cloud (PSC)
Background Scan does not apply to new files or files that exist on network drive

Pre-Execute

By default, all pre-existing files will be assigned a reputation of LOCAL_WHITE with an initial trust so that the file will be allowed to run upon execute
If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the PSC
Background Scan does not apply to new files or files that exist on network drive
When the Local Scanner’s On-Access File Scan Mode is set to Normal, the Local Scanner will only scan all new files the first time that they execute. However, when the On-Access File Scan Mode is set to Aggressive then the Local Scanner scans all files including pre-existing files on execute
If the Local Scanner obtained a more definite reputation than the reputation obtained by Background Scan, then the reputation will be upgraded

Pre-Existing Files: Files that existed on the device prior to the sensor being installed
New Files: Files that are created or downloaded on the device after the sensor is installed
Network Files: Files that exist on network drives
No Execute: Pre-existing files which never executed or new files that were dropped or created on the hard disk but never executed
Pre-Execute: Pre-execute refers to the first time that a file is attempting to execute
Post-Execute: Post-execute refers to files which are already running or which have run before
Definite Reputation: Anything other than NOT_LISTED or UNKNOWN