Access official resources from Carbon Black experts
Why isn't the reputation updated from NOT_LISTED to LOCAL_WHITE when the Certificate or IT Tools whitelisting methods are used?
To see if the Certificate or IT Tools reputation was applied to the application when it executed, you can check the event details. In the event details, the "App Reputation (applied, [source])" field will display the reputation applied at the time of the event.
The [source] field will display the source of the file's reputation when it was applied: Ex: pre-existing, cert, etc..
For instance, in the example below, the reputation of NOT_LISTED is the hash based reputation, but the LOCAL_WHITE reputation was applied because the certificate of the file was whitelisted.
App Reputation: NOT_LISTED App Reputation (applied, cert whitelisting): LOCAL_WHITE
https://community.carbonblack.com/docs/DOC-7247
Cb Defense: How to Utilize Certs Whitelist Feature
Cb Defense: How to Utilize IT Tools Whitelist Feature
Cb Defense: Difference in whitelisting by hash versus Certs or IT Tools
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.