Carbon Black File Reputation is a web service from by Carbon Black that helps identify and classify software discovered on your computers by comparing it to an extensive database of known files.

Based on weighted analysis, Carbon Black File Reputation further assigns a threat level (malicious, potentially malicious, unknown, or clean) and a trust rating (0-10 or unknown) to each file. The Carbon Black App Control Server can include this information in its live file inventory so that you immediately know the threat status and other key information about files on your systems. If you have Carbon Black File Reputation enabled, you can “analyze” any file in the Carbon Black App Control Server inventory to get whatever information is available.

A file’s trust rating goes beyond the information available from one anti-virus scan. It is based on a series of factors, including how long and on how many computers the file has been seen, whether it has a trusted digital certificate, and the results of scanning by multiple anti-virus programs.

For example, a file that scans as clean on anti-virus programs, has a trusted digital certificate from a known publisher, and appears on many computers for a long period of time might have a trust rating of 10, highly trusted. Another file that also produces clean anti-virus scans but has only recently been seen, is on very few computers, and does not have a digital certificate might only get a trust rating of 2, low trust.

You can use the trust rating to automatically approve files, either based on their own trust rating or the rating of their publisher. By using Reputation Approvals, administrators can enforce their chosen security posture as it relates to file or publisher trust level and approve high trust software with no administrative overhead.