CB Protection: How Is A File Approved Via A Cache Consistency Check?

Environment

  • CB Protection Server: 8.1.6
  • CB Protection Agent: 8.1.6

Question

How is a file approved via a cache consistency check?

Answer

  • Files on the endpoint are either banned or locally approved during initialization; if a file is not banned, it is locally approved.
  • A cache consistency check confirms that each file in the agent's cache exists, verifies that it is still an executable file that should be tracked, and compares the size of each file on disk to the size stored in its cache the last time the file was analyzed. If a file no longer exists, it is removed from the cache.
  • Since the file was not banned, blocked, or deleted, and the agent was in Low Enforcement, it was locally approved during a cache consistency check.
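
A simplified model of the check described above, added here as an illustration and not CB Protection code. Only the removal of missing files and the local approval in Low Enforcement come from the article; the header-magic test, the cache layout, the handling of non-executables and size changes, leaving other enforcement levels unchanged, and all names are assumptions.

```python
import os
import tempfile

EXEC_MAGIC = (b"MZ", b"\x7fELF")  # assumption: header magic marks a tracked executable

def is_tracked_executable(path):
    with open(path, "rb") as f:
        return f.read(4).startswith(EXEC_MAGIC)

def consistency_check(cache, enforcement):
    """cache maps path -> {"size": int, "state": str} and is updated in place.
    Returns {path: outcome} for every entry examined."""
    outcomes = {}
    for path, entry in list(cache.items()):
        if not os.path.isfile(path):
            del cache[path]                       # stated in the article
            outcomes[path] = "removed (missing)"
        elif not is_tracked_executable(path):
            del cache[path]                       # assumption: dropped from tracking
            outcomes[path] = "removed (not executable)"
        elif entry["state"] == "banned":
            outcomes[path] = "banned"             # banned files are not approved
        else:
            size = os.path.getsize(path)
            changed = size != entry["size"]
            entry["size"] = size                  # assumption: cache is refreshed
            if enforcement == "low":              # the case the article describes
                entry["state"] = "locally approved"
            outcomes[path] = entry["state"] + (" (size changed)" if changed else "")
    return outcomes

def demo(enforcement="low"):
    """Constructed sample: four temp files plus one cache entry with no file."""
    root = tempfile.mkdtemp()
    files = {"same.exe": b"MZ" + bytes(62), "grown.exe": b"MZ" + bytes(126),
             "banned.exe": b"MZ" + bytes(30), "now_text.exe": b"plain text"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    cache = {os.path.join(root, n): {"size": 64, "state": "unapproved"}
             for n in list(files) + ["gone.exe"]}
    cache[os.path.join(root, "banned.exe")] = {"size": 32, "state": "banned"}
    out = consistency_check(cache, enforcement)
    return {os.path.basename(p): o for p, o in out.items()}, cache

if __name__ == "__main__":
    for name, outcome in demo()[0].items():
        print(f"{name:14} {outcome}")
```

In this model, an unbanned executable that is still on disk leaves the check locally approved in Low Enforcement whether or not its size changed, which is why an audit of local approvals should record the enforcement level the agent was in at the time.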

Creation Date: 04-30-2020