Environment
Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: All Versions
Microsoft Windows: All Versions
Apple MacOS: All Versions
Symptoms
- Log into the Carbon Black Cloud Console > Investigate > Select [App Name] > Select "Take Action" > Request Upload
- The file is never uploaded to the the Carbon Black Cloud > Enforce > Cloud Analysis Page
Resolution
- "Request Upload" will upload apps to the Carbon Black Cloud > Settings > Inbox Page
- "Submit unknown binaries for analysis" will allow the Carbon Black Cloud to upload unknown binaries and display the requests/results in the Cloud Analysis Page
Additional Notes
- Request Upload allows an Admin to perform file analysis outside of the Carbon Black Cloud
- If "Submit unknown binaries for analysis" is enabled, any binary with an unknown reputation may be uploaded for additional analysis to determine if the file's execution should be blocked at the sensor. This requires the use of the local scanner as well as a Carbon Black Cloud sensor version of 3.2 or above
- If "Submit unknown binaries for analysis" is enabled, all traffic goes through Endpoint Standard Device Services before it is routed to Carbon Black Cloud. The Carbon Black Cloud only uses third-party vendor, Avira Operations GmbH & Co. KG (“Avira”), as a sub-processor to assist with the threat analysis. The sensor will never directly communicate with Avira, so there are no additional network changes required
Related Content