What triggers the “Malicious File Detected” Event?
Environment
App Control Console: All Supported Versions
Resolution
The "Malicious File Detected" Events occurs in two scenarios:
Following a "New File on Network" Event for a file that is already assigned a Malicious reputation.
When the Carbon Black Reputation (or another integrated service) has updated the file's reputation to Malicious.
Additional Information
The "Alert Triggered" Events only occur once per "Malicious File Detected" Alert. If the Alert is not reset between Events, there will only be one "Alert Triggered" Event.
Connector settings can be found in the Console > System Configuration (gear icon) > Connectors.
More information on what determines the Carbon Black File Reputation of Malicious can be found here.