How executable files are deemed as an 'installer'.
What criteria is used by Cb Protection to determine if a file is an 'installer'?
The Cb Protection Agent looks at the file's contents.
Then, the Agent scans the file looking for various signatures that would indicate that the file has embedded executable content (like a zip/cab).
It also looks for characteristics common to known installer technologies, like the ones found inside a standard-compliant MSI or typical Wyse or InstallShield package.
The full set of heuristics and data detail is something Carbon Black updates regularly as we encounter new vendor technologies and field edge cases.