App Control: How Is a File’s Trust Rating Calculated?
book
Article ID: 286536
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How is a file's Trust Rating calculated by App Control?
Environment
App Control Server: All Supported Versions
Carbon Black File Reputation Service
Resolution
A file's Trust Rating in the Carbon Black File Reputation service (CDC) is based on a proprietary algorithm that takes the following factors into account:
Source Trust - the origin of the file
Publisher Trust - whether the file has a signed digital certificate and the trust associated with that specific certificate
Malware Severity - whether AV scanners identify the file as malicious or potentially malicious; files in the CDC database are scanned by multiple AV products
Vulnerability Severity - whether there is a known vulnerability for the file (specifically, a Microsoft reported vulnerability), and if so, how severe
Duration Seen - how long the CDC has seen this file in the field
First Seen - when this file was first seen in the field by the CDC
Prevalence - how common this file is in the field, as reported to the CDC