Although you can approve or ban files from tables, you might want more information about the file before you decide to ban it. To do this, go to the File Details page.
Note: You can follow this same procedure to approve or ban a file globally or by policy from the File Instance Details page, which also includes options for applying or removing local approval of an individual file.
- Click the View Details button next to the file in a table, or click its hash or name in the Events table.
- Examine the information on the File Details page to confirm that you want to approve or ban the file. For example, you can see in the File Prevalence line whether any computers currently have the file. To determine which computers have the file before you approve or ban it, click the All File Instances link on the Related Views menu.
- If you have Carbon Black File Reputation enabled, the Carbon Black File Reputation Information panel shows Trust, Threat, and other information about the file, if available. You can click the Analyze button to search Carbon Black File Reputation for updated information.
Note: If you want to analyze the file but the Analyze button is not visible, see Activating Carbon Black File Reputation.
- In the Action menu, select the rule to create for this file. If the file is already approved or banned, you must remove the current rule (using Remove Approval or Remove Ban) before you create an opposite rule.
Note: For more information about approving or banning hashes from the Files tab of the Software Rules page, see Create an Approval or Ban from the Software Rules Page.