Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Supported Versions
Symptoms
- Files retrieved via GET command in Live Response cannot be opened due to incorrect file format.
- Filename is a long string of characters that does not match the filename on the remote machine.
Cause
Files downloaded via Live Response will have the file extension removed and may be named similar to "9ba02d41-f873-45f4-ba19-5091c8246095".
Resolution
The downloaded file needs to be renamed, adding the correct extension matching the original file type. Example:
The command "get C:\Temp\filename.txt" downloads the file "9ba02d41-f873-45f4-ba19-5091c8246095" to the local system.
Rename "9ba02d41-f873-45f4-ba19-5091c8246095" to "filename.txt" to make it a readable text file again.
Additional Notes
- This is expected behavior of files retrieved via Live Response.
- If browser settings prevent the file from automatically downloading, the 'File ready for download' link in the Live Response session can be clicked to automatically begin download or prompt for a save location.
Related Content
