When the details of an event identify a file, you can take action on that file directly from the Events page.

Select the check box to the left of the event in the table and then select an action from the Action menu. Only events containing file information can be selected.

The actions you can take on a file on the Events page are the same as those you can take on the Files page, including:

  • Locally approve a file instance or remove local approval
  • Globally approve or ban a file for all computers
  • Create a custom approval or ban that applies to computers in specific policies
  • Create a report-only ban that only reports that it would have blocked the file if fully enabled
  • Remove an approval or ban
  • View Carbon Black File Reputation data for the file

For details on these file actions, see Approving and Banning Software.

If the Connector option is installed and licensed, you can upload files or analyze them using a third-party network security appliance. See App Control Connector and Uploading Files from Agents.