Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Protection: What are these "File Group Created" Events?

CB Protection: What are these "File Group Created" Events?

Environment

  • CB Protection Server: 7.x and Higher
  • CB Protection Agent: 7.x and Higher

Question

What are these "File Group Created" Events?

Answer

  • The "File Group Created" events are generated by the Protection server in an effort to help identify and group files installed by the same installer. This can aid in administration and file approval/banning as it will help in providing context and a list of files written by the installer. 
  • The file group will take on the name of the installer executable but will be updated if the agent is able to find an application name in "Program and Features" that matches the files/installer seen.

Additional Notes

  • Files that are ignored via agent configs or by rules should not trigger a "File Group Created" event.
  • The "Write" operation is most commonly associated with this event which can be used when writing Expert Rules.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-06-2019
Views:
347
Contributors