Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard Sensor: All Versions
- Microsoft Windows: All Supported Versions
- Apple MacOS: All Supported Versions
Question
How are reputations assigned for files?
Answer
- Reputation assignment depends on the type of file (Pre-Existing, New, Network), CB Defense Configuration (Background Scan, Local Scanner Configuration, Delay Execute for Cloud Scan, Scan Files on Network Drives, Scan Execute on Network Drives), where the file is at in the execution process (No Execute, Pre-Execute, Post-Execute) and the Endpoint Standard: Reputation Priority. For more details, see the following articles:
- Carbon Black Cloud: How Are Reputations Assigned for Pre-Existing Files?
- Carbon Black Cloud: How Are Reputations Assigned for New Files?
- CB Defense: How Are Reputations Assigned for Network Files?
Additional Notes
- Pre-Existing Files: Files that existed on the device prior to the sensor being installed
- New Files: Files that are created or downloaded on the device after the sensor is installed
- Network Files: Files that exist on network drives
- No Execute: Pre-existing files which never executed or new files that were dropped or created on the hard disk but never executed
- Pre-Execute: Pre-execute refers to the first time that a file is attempting to execute
- Post-Execute: Post-execute refers to files which are already running or which have run before
- Definite Reputation: Anything other than NOT_LISTED or UNKNOWN
Related Content
