Environment
- CB Protection Server: 7.x and Higher
- CB Protection Agent: 7.x and Higher
Question
What are these "File Group Created" Events?
Answer
- The "File Group Created" events are generated by the Protection server in an effort to help identify and group files installed by the same installer. This can aid in administration and file approval/banning as it will help in providing context and a list of files written by the installer.
- The file group will take on the name of the installer executable but will be updated if the agent is able to find an application name in "Program and Features" that matches the files/installer seen.
Additional Notes
- Files that are ignored via agent configs or by rules should not trigger a "File Group Created" event.
- The "Write" operation is most commonly associated with this event which can be used when writing Expert Rules.
Related Content