The File Instance Details page shows information about a file instance on a computer plus some of the global file information on the File Details page.

In any table showing file instances – for example, the Files on Computers page or Find File Results – you can click the View Details button to open the File Instance Details page.

The File Instance Details page

Many File Instance Details fields are identical to those on the File Details page (see File Details Page) and you can take many of the same actions. The following table shows the additional fields that are available on the File Instance Details page and in the Files on Computers table. On the details page, these appear in the top panel, which is labeled Details for file on computer: <computername>.

Table 1. Additional Fields: File Instance Details and Files on Computers

Field

Description

File Instance Details: File on computer panel

File Name

File name of this instance.

Date Created

Exact time this instance was created in its current location, displayed in the following format: MM DD YYYY hh:mm:ss(AM/PM).

File Path

Path of the this file instance.

Computer

Name of the computer that this instance is on.

Platform

Platform (Windows, macOS) of the system the instance is on.

User Name

Name of the user who was logged in when this file was created.

Local State

The local state of the file instance (Unapproved, Approved, Banned, Deleted).

If the local state is Unapproved, you can choose Approve Locally on the Actions menu. If it is Approved, you can Remove Local Approval. If it is Banned, you cannot change it.

Local State Details

File-state metadata for use by VMware Carbon Black Support engineers. See Local State Details.

Detached Certificate Subject Name

If this file did not have its own certificate but was indirectly signed through a detached certificate, this field displays and shows the subject name from the certificate.

Detached Publisher

If this file did not have its own certificate but was indirectly signed through a detached certificate, this field displays and shows the name of the publisher. Some publishers distribute updates as collections of unsigned files together with a catalog that contains hashes of all indirectly signed files and is itself signed. Carbon Black App Control can use these catalogs to verify publishers and allow publisher-based approval of files that are signed in this way.

Detached Publisher State

If there is a detached publisher, these options are the same as for Publisher State: Approved, Approved by Policy, Banned, Banned by Policy, Unapproved.

Executed

Indicates whether this file instance has been executed.

Present at Initialization

Indicates whether this file instance was among the files present on the computer when the Carbon Black App Control Agent was installed or whether it appeared after installation.

Top-Level File

(in Details)

Top-Level

(in Files on Computers)

Indicates whether the file is a top-level file; that is, one that was not installed by or copied from another file.

On Windows systems, files that were discovered during initialization can be later assigned top-level status if they are discovered to be installers.

Deleted

Indicates whether this file instance has been deleted from the computer it was on. This is a temporary state immediately after file deletion and before it is removed from the database for this Carbon Black App Control Server.

Root File Name

File that wrote the current file. If this is a top-level file, there is no root file and the name is (none).

Fields in table only

Assessment

Shows an overall assessment of the risk of this file, combining file threat, file trust, and publisher trust from all available sources.

Computer Tag

For the computer on which the file appears, displays the optional Computer Tag if provided.

IP Address

The IP address of the computer on which the file appears.

Operating System

The operating system of the computer on which the file appears.

Policy

The Carbon Black App Control security policy of the computer on which the file appears.