There are two types of filters on the Type menu for Target and Baseline definitions: Computer Filters and Advanced Filters.
Advanced Filters includes all the filters types in Computer Filters. After you select the type, you can add different filters from its menu. You also can add multiple filters of the same type.
Computer Filters are useful if you know that the only criteria for specifying a baseline or target are computer-related. You have the following Computer Filter options:
- Computer
- Computer Tag
- IP Address
- Platform
- Policy
Although two of these duplicate choices on the Type menu, by using the Computer Filters type, you can set multiple filters for computers. For example, you can specify the baseline to include all computers in Low enforcement policies that have a Computer Tag of “Sales” or “Marketing”.
Advanced Filters are useful to include criteria that is not available on the Computer Filters menu in your specification of a baseline or a target. You can still include computer filters, but Advanced Filters also allow you to use a large set of file criteria, including hash values, file prevalence, and threat level.
With the File Type filter, you can specify that your target or baseline includes or excludes the following choices:
- Application: Any executable (for example, .exe or .com) except for Packages
- Supporting File: Any library loaded by an executable (for example, .dll, .ocx, .sys)
- Package: Any installer (.exe with contents, such as a self-extracting zip or setup program)
- Script File: Any script or batch file (for example, .bat, .vbs, .wsf)
- Other: Reserved for future types
- Unrecognized Executed File: A file that was not identified as an executable by Carbon Black App Control during initialization or later analysis, but that some process attempted to execute. The execution attempt causes the file to be added to the file lists in the console for tracking and management.
- Unknown: Files reported by older Carbon Black App Control Agents that do not provide file type information