When you click Search , the Binary Search page updates the results data with information that is specific to your search criteria. The results are displayed in a variety of formats that allow you to quickly find suspicious binaries.

A summary of the results appears in facets (small tables and graphs that provide high-level result data). Each process that matches your search criteria appears in a row below the facets.

Facets provide a high-level summary of your current search results. Click the information icons to learn more about each facet.

The top row of facets contains information about the binary search results. Click the right-arrow to see all facets in this row.

  • Digital Signature – The percentages of signed, unsigned, explicit distrust, and expired binaries.

  • Publisher – A list of binary publishers and the percentage of binaries that have those publishers.

  • Company Name – A list of binary publisher companies and the percentage of binaries with those company names.

  • Product Name – The product name of the binary.

  • File Version – The file version of the binary.

  • File Paths – A list of file paths where files matching the current binary search have been seen.

  • Groups – A list of the sensor groups that have identified binaries.

  • Hostnames – A list of host names for computers on which binaries have been identified.

The second facet row contains graphs. Clicking on a facet within a graph filters the results to show the items that match that value. By default, these facets are sorted by the highest-to-lowest percentage.

Hovering over a facet within a graph displays binary counts.

The second facet row displays the following information about binaries in the results:

  • Sign Time – The number of binaries that were signed on a particular date.

  • Host Count – The number of binaries that were seen by Carbon Black EDR on a host or a number of hosts.

  • First Seen – The number of binaries that were first detected on a particular date.

  • Carbon Black Reputation Score – The number of binaries that match the current search listed by Carbon Black Reputation Score.