As files are being installed on a computer, the Carbon Black App Control Agent groups them according to its analysis of what process is installing them.
This group name might be unique, or it might be an installer name common to multiple groups – “setup.exe”, for example.
After installation is complete, the agent scans the Windows program database to see whether these files can be associated with a Programs and Features entry. If so, files are regrouped under the file that is used for modifying or removing corresponding programs. If no Programs and Features entry is found, installed files retain the initial group name.
Group names are used wherever files are listed in the console. Examples include:
- On the File Catalog and Files on Computers tabs, you can select the Installed Programs Saved View to see a list of applications.
- In Baseline Drift Report Results, if you are looking at a Files view, you can group by Installed Program to see how much drift is attributable to each application.
- If you click a highlighted file name in the File Catalog, you see a File Group Details page that lists all files associated with the file you clicked, and usually showing the application of which they are a part. This is the aggregate of all unique files installed by the highlighted file, on all computers running the Carbon Black App Control Agent.
- If you click a highlighted file name in the Files on Computers page, you see a File Group details page listing all files that are associated with the file instance you clicked on.
- If you click <Initialization Files> in a row on the Files on Computers page, you see a list of all files that were present on the computer named in that row at the time the Carbon Black App Control Agent was last initialized (typically, this is when the agent was installed).