App Control: How to Verify the Process is Marked as an Installer?
Article ID: 291204
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How to verify the process is marked as an installer in the console?
Environment
- App Control Console (formerly CB Protection): All Supported Versions
Resolution
- Log into the App Control console
- Navigate to Assets > Files
- Look for the file by Hash or by Name, adding the respective filters
- Click on View details in file in question
- Confirm it is marked as installer
Additional Information
- Linux files are not recognized as installers.
- Mac files recognized as installers are packages – files with .PKG extensions and properly defined archive headers. Because of this, using the Mark as installer feature might be particularly useful for these platforms
- Files identified as installers do transfer their approval status to files that they generate, if any
- When troubleshooting unexpected blocks compare the hash of the process in the block event, to the process marked as installer, as there may be different versions of the same file
Feedback
Yes
No
Powered by
