Endpoint Standard: Request Upload of an app does not upload app to Cloud Analysis Page

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: All Versions
Microsoft Windows: All Versions
Apple macOS: All Versions

Symptoms

  • Log in to the Carbon Black Cloud Console > Investigate > Select [App Name] > Select "Take Action" > Request Upload
  • The file is never uploaded to the Carbon Black Cloud > Enforce > Cloud Analysis Page

Resolution

  • "Request Upload" will upload apps to the Carbon Black Cloud > Settings > Inbox Page
  • "Submit unknown binaries for analysis" will allow the Carbon Black Cloud to upload unknown binaries and display the requests/results in the Cloud Analysis Page

Additional Notes

  • Request Upload allows an Admin to perform file analysis outside of the Carbon Black Cloud
  • If "Submit unknown binaries for analysis" is enabled, any binary with an unknown reputation may be uploaded for additional analysis to determine whether the file's execution should be blocked at the sensor. This requires the use of the local scanner as well as a Carbon Black Cloud sensor version of 3.2 or above
  • If "Submit unknown binaries for analysis" is enabled, all traffic goes through Endpoint Standard Device Services before it is routed to Carbon Black Cloud. The Carbon Black Cloud only uses the third-party vendor Avira Operations GmbH & Co. KG (“Avira”) as a sub-processor to assist with the threat analysis. The sensor never communicates directly with Avira, so no additional network changes are required

Article Information

Creation Date: 09-09-2020