How are reputations assigned for files? Is there a set order for which reputation gets used if there is more than one? Where can I find the reputation priority matrix?

• Carbon Black Cloud Console: All Versions
• Endpoint Standard Sensor: All Versions
• Microsoft Windows: All Supported Versions
• Apple MacOS: All Supported Versions

Reputation assignment depends on:

1. The type of file (Pre-Existing, New, Network)
2. The policy configuration. Settings such as Background Scan, Local Scanner Configuration, Delay Execute for Cloud Scan, Scan Files on Network Drives, Scan Execute on Network Drives all come into play.
3. Where the file is at in the execution process (No Execute, Pre-Execute, Post-Execute).
4. The current reputation (if any).

The reputation assignment priority matrix and a full breakdown of how reputations are assigned can be found in the "Reputation Assignment" section of the User Guide. 

• Reputation Assignment

• Pre-Existing Files: Files that existed on the device prior to the sensor being installed
• New Files: Files that are created or downloaded on the device after the sensor is installed
• Network Files: Files that exist on network drives
• No Execute: Pre-existing files which never executed or new files that were dropped or created on the hard disk but never executed
• Pre-Execute: Pre-execute refers to the first time that a file is attempting to execute
• Post-Execute: Post-execute refers to files which are already running or which have run before
• Definite Reputation: Anything other than NOT_LISTED or UNKNOWN