What Triggers the Malicious File Detected Event

Article ID: 286482

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What triggers the “Malicious File Detected” Event?

Environment

  • App Control Console: All Supported Versions

Resolution

Malicious File Detected Events will occur in either of the following two scenarios:

  • After a "New File on Network" event for a file that has already been classified as Malicious.
  • After Cloud Reputation Services update the Reputation of a hash from Clean/Unknown to Malicious for a file that exists now or had previously existed in the environment.

Important: Malicious File Detected Events will not happen every time a Malicious File is written on an endpoint. Consider adding an Event rule to ban Malicious hashes per this KB.
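
The two scenarios and the gap called out in the Important note can be walked through with a small model. This is an added illustration, not Carbon Black code or its API: the class, method names, hash labels and endpoint names are hypothetical, and it assumes "New File on Network" is raised only the first time a hash is seen in the environment.

```python
# Simplified model of the two trigger scenarios described above.
# Hypothetical names throughout; this is not App Control code.
MALICIOUS = "Malicious"
DETECTED = "Malicious File Detected"

class ConsoleModel:
    def __init__(self, reputation=None):
        self.reputation = dict(reputation or {})  # hash -> reputation
        self.seen = set()    # hashes that exist or previously existed
        self.events = []     # (event name, hash, endpoint or None)

    def file_written(self, file_hash, endpoint):
        # Assumption: only the first sighting of a hash in the
        # environment raises "New File on Network".
        if file_hash in self.seen:
            return  # repeat write: nothing is raised, even if Malicious
        self.seen.add(file_hash)
        self.events.append(("New File on Network", file_hash, endpoint))
        # Scenario 1: new file whose hash is already classified Malicious.
        if self.reputation.get(file_hash, "Unknown") == MALICIOUS:
            self.events.append((DETECTED, file_hash, endpoint))

    def reputation_update(self, file_hash, new_rep):
        old = self.reputation.get(file_hash, "Unknown")
        self.reputation[file_hash] = new_rep
        # Scenario 2: Clean/Unknown -> Malicious for a hash that exists
        # now or previously existed in the environment.
        if (old in ("Clean", "Unknown") and new_rep == MALICIOUS
                and file_hash in self.seen):
            self.events.append((DETECTED, file_hash, None))

def detections(model, file_hash):
    """Count Malicious File Detected events recorded for one hash."""
    return sum(1 for name, h, _ in model.events
               if name == DETECTED and h == file_hash)

def run_constructed_timeline():
    # Constructed sample data: hash-A is already Malicious, hash-B is not.
    m = ConsoleModel(reputation={"hash-A": MALICIOUS})
    m.file_written("hash-A", "ep1")           # scenario 1: event raised
    m.file_written("hash-A", "ep2")           # known hash: no event
    m.file_written("hash-B", "ep1")           # Unknown: New File only
    m.reputation_update("hash-B", MALICIOUS)  # scenario 2: event raised
    m.file_written("hash-B", "ep3")           # known hash: no event
    return m
```

In this timeline each hash produces a single Malicious File Detected event although it lands on several endpoints, which is why the event alone is not a per-write signal and a ban rule is worth adding.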

 

Additional Information

  • This Alert is not generated by the Agent when a Malicious file is written.
  • The "Alert Triggered" Events only occur once per "Malicious File Detected" Alert. If the Alert is not reset between Events, there will only be one "Alert Triggered" Event.
  • Connector settings can be found in the Console > System Configuration (gear icon) > Connectors.
  • More information on what determines the Carbon Black File Reputation of Malicious can be found here.
  • To report a False Positive or False Negative please follow the instructions outlined here.