In the Carbon Black App Control Console and throughout this guide, you will often see the term “files.” What constitutes a “file” depends upon the Carbon Black App Control feature:
For Carbon Black App Control’s live inventory, a “file” is an executable or script file. When you install the Carbon Black App Control Agent on a computer, it analyzes all files on the fixed, local drives of the system, determines which of them are executables or scripts, and keeps an inventory of these files. Non-executable files are ignored once they are identified.
Carbon Black App Control determines that a file is an executable by the content of the file, not its file extension. Carbon Black App Control determines that a file is a script by a combination of factors, and users can add to or modify these script definitions. Only executable and script files can be approved or banned. Certain configuration settings can exclude special cases of these files from tracking and inventory.
- For File Integrity Monitoring, access to non-executable data and configuration files can be tracked if you register the files with Carbon Black App Control through a File Integrity Control rule. Once a file or path is covered by such a rule, any attempt to access it generates an auditable event in Carbon Black App Control, and if you choose, the attempt is blocked.