The Files pages include views that report on the existence of suspicious or threatening files, even if they were created prior to the installation of the Carbon Black App Control Agent on an endpoint.
To view the Files pages, click Assets > Files on the console menu and click the tab for either File Catalog or Files on Computers. The following threat-related Saved Views are available on these tabs:
- Threat Report - Suspicious Files by Extension (File Catalog only) – This view identifies files that have been analyzed and determined to be executables by Carbon Black App Control but have an extension that is not an executable type. Malware often tries to disguise itself by using normally benign file extensions such as .gif or .jpg.
- Threat Report - Suspicious Files by Name – (Files on Computers only) This view shows files in the inventory that have names similar to the name of a common file (such as an operating system file), zero trust level in Carbon Black File Reputation, and a File State of Unapproved.
You can click on the Show Filters button on the Files pages to see the extension and other parameters that create these views. The views have the potential to produce many false positive results. To reduce the number of results, additional factors such as file trust, size, and publisher are used in this view. You can further modify and save the view under another name to create your own version of a threat report for files.