Carbon Black App Control tracks executable files and monitors their prevalence and execution. Initialization, the inventory of existing files by Carbon Black App Control, begins immediately after installation of the Carbon Black App Control Agent on a computer.

Each file found on a fixed, local drive of a computer during the initial inventory is locally approved on that computer unless it has been already banned on the Carbon Black App Control Server. Local approval does not change the global state of a file.

After initialization, new unidentified files that appear on the fixed, local drives of computers running an agent are classified as having a state of Unapproved, both globally and locally, on the computer on which they were found. A file keeps its Unapproved state until it becomes Approved or Banned. Once a file has been approved, it is allowed to execute but continues to be tracked.

Carbon Black App Control features several automatic file approval methods (trusted directories, approved publishers, trusted users, pre-configured updaters for Windows computers, reputation approvals, and bulk approval of files from a list of hashes) that make it easy to approve new software without having to do it file-by-file. You also can manually mark individual files as approved or banned.

Other Carbon Black App Control features monitor activity on your computers, which might help you decide on what files to approve or ban. The Carbon Black App Control Server can tell you:

  • Whether a file exists on your computers
  • Which computers have the file
  • Where and when the file first arrived in your environment
  • What is known about the source, category, trust level, and threat of the file
  • Whether and when a file has executed, and on which computers
  • Whether a file has propagated and, if so, whether it has been renamed
  • On Windows and Mac computers, whether attached storage devices (including USB, SCSI, and others) exist on your network, when they first were discovered, and on what computer
  • How the inventory of files on computers has changed over time