The Local White reputation is assigned to the following types of files: This reputation indicates that the hash/application is set to a PUP (Potential Unwanted Programs status of adware or popups). The reputation can be updated with further analysis or reputation sources.

Carbon Black Analytics and threat intelligence feeds determine the Adware/PUP Malware reputation. The analysis cannot determine if the file is good or malware. This reputation indicates the application as a suspected malware and it is assigned by either Carbon Black Cloud or the Local Scanner. This reputation indicates the application as a known malware and it is assigned by either Carbon Black Cloud or the Local Scanner.

Carbon Black Analytics and threat intelligence feeds determine the Suspect Malware reputation. It is where a file is signed with a Publisher and CA on a list managed by VMware Carbon Black.

Carbon Black Analytics and threat intelligence feeds determine the Known Malware reputation. This reputation indicates the hash as a known good file, and it is assigned by either Carbon Black Cloud or the Local Scanner. For details, see Adding to the Banned List.

Carbon Black Analytics and threat intelligence feeds determine the Trusted Approved List reputation. The SHA-256 hashes that you add manually to the Company Banned List assign the application to that reputation. The Company Banned List reputation indicates a malicious or unwarranted behavior and includes specific hashes that override lower-priority reputations. For details, see Adding to the Approved List. As a console admin, you manually add an application to the Company Approved List reputation by assigning the application through the SHA-256 hash. Includes specific hashes that override lower-priority reputations. You should direct additional interest to any ignored file that is not signed by Carbon Black.
Important: Only files signed by Carbon Black are assigned the status of

For example, you can have one reputation from the Cloud, one from the Local Scanner, and one due to pre-existence. The number of reputations depends on the number of different sources the sensor uses to cache reputations for the same SHA256 file.

Post-Executed - Files that are already running or have run before.

An application can have more than one reputation.

Pre-Executed - Files that attempt to execute for the first time.

New files that are dropped or created on the hard disk but never executed.

Pre-existing files that were never executed.