- While investigating an alert please also review the Binary Details of a file. This will allow you to understand more about the file and see how CBC has the file listed.
- If you choose to ban a known good and trusted white list item you will be prompted with a page that will tell you how many times the Hash has been seen in your organization over the last six months along with the current Cloud Reputation and Singed by.
- If you continue to add the file you will be required to select a check a box beside a note stating
"I agree to add this hash to the company Banned list"
with a warning above stating
"This hash is commonly trusted and widely used. Ban Anyway?"
in
Red.
Example:The hash for svchost.exe is an example of a file that will prompt you in this method.
hash:add683a6910abbbf0e28b557fad0ba998166394932ae2aca069d9aa19ea8fe88
Prompt #1:
Prompt #2: