The Carbon Black File Reputation Service uses data from a combination of distribution partners, web crawlers, honeypots, and the Carbon Black user community. For files currently in the database; Carbon Black File Reputation data provides contextual information such as who published the file and what product (if any) it is associated with. It also screens software using multiple anti-malware tools and cross-references it against third-party vulnerability databases. The Event for "Malicious file detected" indicates that a data source flagged the file as potentially malicious.
To report a False Positive or False Negative please follow the following KB article Reporting Malware False Positives to Carbon Black (broadcom.com)