Environment
- CB Defense PSC Console: All Versions
- CB Defense Sensor: All Versions
- Microsoft Windows: All Supported Versions
- Apple MacOS: All Supported Versions
Question
How are reputations assigned for Pre-Existing Files?
Answer
No Execute
- By default, all pre-existing files will be assigned a reputation of LOCAL_WHITE with an initial trust so that the file will be allowed to run upon execute
- If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the Predictive Security Cloud (PSC)
- Background Scan does not apply to new files or files that exist on network drive
Pre-Execute
- By default, all pre-existing files will be assigned a reputation of LOCAL_WHITE with an initial trust so that the file will be allowed to run upon execute
- If Background Scan is enabled, the reputation may be upgraded if a definite reputation is returned from the PSC
- Background Scan does not apply to new files or files that exist on network drive
- When the Local Scanner’s On-Access File Scan Mode is set to Normal, the Local Scanner will only scan all new files the first time that they execute. However, when the On-Access File Scan Mode is set to Aggressive then the Local Scanner scans all files including pre-existing files on execute
- If the Local Scanner obtained a more definite reputation than the reputation obtained by Background Scan, then the reputation will be upgraded
Additional Notes
- Pre-Existing Files: Files that existed on the device prior to the sensor being installed
- New Files: Files that are created or downloaded on the device after the sensor is installed
- Network Files: Files that exist on network drives
- No Execute: Pre-existing files which never executed or new files that were dropped or created on the hard disk but never executed
- Pre-Execute: Pre-execute refers to the first time that a file is attempting to execute
- Post-Execute: Post-execute refers to files which are already running or which have run before
- Definite Reputation: Anything other than NOT_LISTED or UNKNOWN
Related Content