App Control: What Triggers the Malicious File Detected Event?
Article ID: 286482
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What triggers the “Malicious File Detected” Event?
Environment
- App Control Console: All Supported Versions
Resolution
The "Malicious File Detected" Events occurs in two scenarios:
- Following a "New File on Network" Event for a file that is already assigned a Malicious reputation.
- When the Carbon Black Reputation (or another integrated service) has updated the file's reputation to Malicious.
Additional Information
- The "Alert Triggered" Events only occur once per "Malicious File Detected" Alert. If the Alert is not reset between Events, there will only be one "Alert Triggered" Event.
- Connector settings can be found in the Console > System Configuration (gear icon) > Connectors.
- More information on what determines the Carbon Black File Reputation of Malicious can be found here.
- To report a False Positive or False Negative please follow the instructions outlined here.
Feedback
Yes
No
Powered by
