CB Protection: What are these "File Group Created" Events?

Environment

  • CB Protection Server: 7.x and Higher
  • CB Protection Agent: 7.x and Higher

Question

What are these "File Group Created" Events?

Answer

  • The Protection server generates "File Group Created" events to help identify and group files installed by the same installer. This aids administration and file approval/banning by providing context and a list of the files written by the installer.
  • The file group takes the name of the installer executable, but the name is updated if the agent finds an application name in "Programs and Features" that matches the files/installer seen.

Additional Notes

  • Files that are ignored via agent configs or by rules should not trigger a "File Group Created" event.
  • The "Write" operation is the one most commonly associated with this event, and it can be used when writing Expert Rules.

Creation Date: 02-06-2019