A reputation is the level of trust or distrust that is given to an application. Reputations are based on multiple sources of known good and known bad reputations. There are various ways to view file reputations in your system.

If a file is suspicious or matches known malware, the file reputation service labels it as such in the Carbon Black Cloud console. Any binaries that are added to the company banned or company approved list through the SHA-256 hash are also detected and labeled as either malicious or trusted.


Carbon Black is replacing the terms blacklist and whitelist with banned list and approved list. Notice will be provided in advance of terminology updates to APIs, TTPs, and Reputations.

  • The Carbon Black Cloud console indicates images that have company banned or critical files with a malware badge .

    The malware badge displays only when the Carbon Black Cloud considers the image file to be partially or fully malicious. For example, a malware badge displays for a malware hash that has been added to the company banned list. A malware badge does not display for a hash that has been blocked through a company policy.

  • MD5 is not supported. The hash must be in SHA-256 format.