The Carbon Black File Reputation bases a file’s trust rating on a proprietary algorithm that takes the following factors into account:
- Source Trust – The origin of the file.
- Publisher Trust – Whether the file has a signed digital certificate and the trust that is associated with that specific certificate.
- Malware Severity – Whether anti-virus scanners identify the file as malicious or potentially malicious (for example, a virus or malware). Files in the Carbon Black File Reputation database are scanned by multiple anti-virus products.
- Vulnerability Severity – Whether there is a known vulnerability for the file (specifically, a Microsoft-reported vulnerability), and if so, how severe.
- Duration Seen – How long Carbon Black File Reputation has seen this file in the field.
- First Seen – When this file was first seen in the field by Carbon Black File Reputation.
- Prevalence – How common this file is in the field, as reported to Carbon Black File Reputation.
The combination of these factors is used to calculate the trust rating of a file. Carbon Black File Reputation rates file trust on a scale from 0 (lowest trust) to 10 (highest trust). For example, a signed operating system file with no known vulnerabilities would have a Trust value near 10. An unsigned third-party application not distributed through well-known websites might have a trust value of 3. Known malicious software, or an application distributing known malicious software, would have a Trust value at or near 0.