CB Protection: What are these "File Group Created" Events?
search cancel

CB Protection: What are these "File Group Created" Events?

book

Article ID: 290661

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What are these "File Group Created" Events?

Environment

  • CB Protection Server: 7.x and Higher
  • CB Protection Agent: 7.x and Higher

Resolution

  • The "File Group Created" events are generated by the Protection server in an effort to help identify and group files installed by the same installer. This can aid in administration and file approval/banning as it will help in providing context and a list of files written by the installer. 
  • The file group will take on the name of the installer executable but will be updated if the agent is able to find an application name in "Program and Features" that matches the files/installer seen.

Additional Information

  • Files that are ignored via agent configs or by rules should not trigger a "File Group Created" event.
  • The "Write" operation is most commonly associated with this event which can be used when writing Expert Rules.
Powered by Wolken Software