This section describes reputation approval rules, which can be used to automatically approve files based on the file and publisher trust ratings that Carbon Black File Reputation provides.
- Reputation approval rules require activation of Carbon Black File Reputation. See Activating Carbon Black File Reputation.
- Other methods for approving files are described in Approving and Banning Software
Carbon Black File Reputation provides a cloud-based database of known files. It pulls file data from a combination of distribution partners, Web crawlers, honeypots, and the VMware Carbon Black user community. For files in the database, Carbon Black File Reputation reputation data provides context information such as who published the file and what product (if any) with which it is associated . It also screens software using multiple anti-malware tools, and cross-references it against third-party vulnerability databases.
Using the information it has about a file, the Carbon Black File Reputation assigns a threat level and a trust rating. It also assigns a trust rating to publishers.
Reputation approval rules allow you to use these trust ratings to approve files automatically, using the following options:
- Approvals can be based on file or publisher reputation, and these options can be enabled together for maximum coverage and benefit.
- You set the trust thresholds at which you want files and publishers to be approved.
- You can enable reputation approvals for all agent-managed computers or by policy.
- You can disable reputation approvals for specific publishers and specific files that you do not want to be automatically approved.
If you are concerned about advanced threats, reputation approvals can be a good choice for approving files considered trustworthy. Automatic approval using reputation can give your end users more flexibility and reduce the effort of maintaining the list of approved files. Reputation approvals are based only on a file’s trust rating (that is, how safe it is believed to be), not on whether it is appropriate for a business environment.
When you enable reputation approvals, any manual file or publisher state assignments you have made remain in effect and take precedence over reputation. For example, if you ban a file by name or hash, that file remains banned even if it would have been approved by reputation. When and how reputation approval rules affect files on computers is described later in this section.