App Control: Receiving 'Malicious File Detected' Events for Banned or Approved Files
Article ID: 290213
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
'Malicious File Detected' Events are received for files that have already been Banned or Approved.
Environment
App Control Server: All Supported Versions
Cause
The reputation of the file has been updated in the CDC (CB Collective Defense Cloud).
Resolution
There is no way to stop or prevent 'Malicious File Detected' Events from being generated, regardless of whether the file has been Banned or Approved.
Additional Information
There is also no way to stop or prevent 'Malicious File Detected' Events from being sent to a SIEM.
Filtering out these Events is performed on the SIEM side. The Event Integration Guide provides details on the 'Event Fields' you can use in the SIEM to filter out these Events.
The following Feature Request has been created to include 'Global File State' status in Syslog output: https://community.carbonblack.com/t5/Idea-Central/Include-Global-File-State-Status-in-Syslog-Output/idi-p/28767