Carbon Black App Control agents collect information about applications installed on agent systems and report it to the server, which displays the information on the Applications page in the console.

This page is similar to the Files page. It includes the following tabs:

  • Application Catalog tab, which shows each unique, identifiable application on agent systems reporting to your server.
  • Applications on Computers tab, which shows each identified instance of these applications on each computer.
  • CPE Applications tab, which shows each unique, identifiable Common Platform Enumeration (CPE) application on agent systems reporting to your server.
  • The Applications page shows Windows applications only.
  • Applications are shown only for agents reporting to the current Carbon Black App Control server; there is no Unified Management for applications.

Most of the information about the application is from the metadata of the installer file for the application or the application registry data. It is similar to the information on the Programs and Features page of the Windows Control Panel. If the installer was an MSI file and that file still exists on a computer, application information is extracted from the installer metadata. For other installer types or if the MSI installer has been deleted after installation, application information is extracted from the Windows registry.

Other information describes the application in your environment, such as where it is installed and its prevalence. It also includes information about Carbon Black App Control features that could affect the application, such as the policy of the agent on a computer with the application, and whether there is a Rapid Config that (if enabled) would control the behavior of the application.

Application data is not about a specific file or hash but about the application as a whole. Some views on the Files pages can show files associated with an application. See File Groups and File Catalog.

Caution: Most file data in Carbon Black App Control comes from file metadata and much of the application data comes from the registry. A malicious actor can spoof this data.