The File Catalog tab on the Files page shows unique files discovered on computers running the Carbon Black App Control Agent and reporting to your Carbon Black App Control Server.
In addition to displaying tables of files and their details, the File Catalog tab has an Action menu for taking file-related actions, including approving, banning and looking up information about files in Carbon Black File Reputation.
From the File Catalog, you can open a File Details page by clicking the View Details button next to a file name. The column headings available in the File Catalog correspond in most cases to fields on the File Details page for a single file. See File Details Page for a description of this information.
By default, the File Catalog shows all files. You can select a different Saved View of the catalog or create a view to focus on particular types of files or search for one file. If you are not familiar with modifying views in console tables, see Console Tables. You also can show unique top-level files only (files not known to have been installed by or copied from another file) instead of all files. See Showing Individual Files before choosing this option.
The File Catalog shows the first seen name of a unique file, and the unique file is identified by its hash. The name of a file instance on a particular computer might not appear in the File Catalog even though it appears in the Files on Computers tab. Use Find Files or the Files on Computers tab to locate a particular instance by name.
The following table shows the Saved Views on the File Catalog tab.
Saved View |
Description |
---|---|
Applications by Publisher/Company |
Files that are identified as Applications or Packages; in this view, they are grouped by Publisher (if available) or Company.
Note: You can also view information about Windows applications in the separate Applications Catalog (
Assets > Applications).
|
Approved Files |
All executable files approved by a global approval method. |
Banned Files |
All files explicitly banned by hash. Files banned by name do not appear in the table on the File Catalog tab. Files that are banned for some policies but not others do not appear in the Banned Files table, but can be found in the File Catalog tab by using the File State filter. |
Categorized Files |
Files that exist on at least one computer and fall into one of the application categories identifiable by Carbon Black File Reputation (such as Hacking Tools and Instant Messaging). In this view, the files are grouped by category. |
Existing Files |
Files that exist on at least one agent-managed computer that reports to your server. |
Installed Programs |
Files grouped by the installed program with which they are associated. This view shows the full package or application name for the installed programs.
Note: Only Windows files are identified as Installed Programs.
|
Malicious Files |
Files that exist on at least one computer and have been identified by Carbon Black File Reputation as having a Threat level of 1-Potential risk or 2-Malicious. |
New Unapproved Files |
Unapproved files that appeared on computers after file initialization, that have not been Acknowledged, and that still exist on at least one computer. |
Removed Files |
Files that no longer exist on any agent-managed computer reporting to your Carbon Black App Control Server. |
Reputation Approvals |
Files that have been approved because of the trust rating of the file or its publisher in Carbon Black File Reputation. |
Trusted Packages |
Top-level files located in a Trusted Directory that are the common source or installer files for other files. Click the View Details button to display the File Details page for the package itself. Click the package name for a table of associated files written by the package. The root file for each package can also display in other tabs. |