App Control: Malicious File Alert for File With Old First Seen Date
search cancel

App Control: Malicious File Alert for File With Old First Seen Date


Article ID: 286445


Updated On:


Carbon Black App Control (formerly Cb Protection)


Malicious File Events generated for files that have an old First Seen Date.


  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions


The database used for the CDC is constantly updated with new malware feed information, threat research results, and more. The updates can cause a file’s existing Trust and Threat Score to change. This information is then passed down to the App Control Server through the CDC service. Any file that is in the DAS database’s historical file catalog that changed will trigger the Malicious File Event accordingly. Even if the file is no longer present in the environment.


  1. Click the File Name from the Event
  2. When the File Details page loads locate General > File Prevalence
    • If Prevalence is more than 0: Use the Related Views menu on the right-hand side to find the File Instances or Computers with the file. Deleting the file, or creating a File Ban would be a recommended action.
    • If Prevalence is 0: Consider enabling Zero Prevalence Pruning to prevent future occurrences in this situation.

Additional Information

  • The default approach for this configuration (retaining file information and generating alerts for malicious reputation) is that at some point malware existed in the environment.