App Control: What Triggers the Malicious File Detected Event?
book
Article ID: 286482
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What triggers the “Malicious File Detected” Event?
Environment
App Control Console: All Supported Versions
Resolution
The "Malicious File Detected" Events occurs in two scenarios:
Following a "New File on Network" Event for a file that is already assigned a Malicious reputation.
When the Carbon Black Reputation (or another integrated service) has updated the file's reputation to Malicious.
Additional Information
The "Alert Triggered" Events only occur once per "Malicious File Detected" Alert. If the Alert is not reset between Events, there will only be one "Alert Triggered" Event.
Connector settings can be found in the Console > System Configuration (gear icon) > Connectors.
More information on what determines the Carbon Black File Reputation of Malicious can be found here.