Carbon Black Cloud: What Can Be Uploaded with the Request Upload Feature?
Carbon Black Cloud(Formerly PSC) Console: All Supported Versions
Endpoint Standard(Formerly CB Defense)
Enterprise EDR(Formerly CB ThreatHunter)
Workload(Formerly CB Defense for VMware + VMware AppDefense)
Audit and Remediation(Formerly CB LiveOps)
What can be uploaded with the "Request Upload" feature?
The following file restrictions apply to manual file uploads.
Windows does not restrict uploading of script files when Private Logging Level is enabled in the policy.
Windows files that have the following file extensions can be uploaded for analysis: .exe .dll .sys .ocx .drv .scr .pif .ex_ .msi .vb .vbs .jar
MacOS scripts are not uploaded if Private Logging Level is enabled in the policy.
If Allow Executable Uploads for Scans is not selected, all script uploads are disabled regardless of type.
Common macOS object types can be uploaded for analysis: Perl Python Ruby Shell TCL PHP Applescript
The following objects cannot be uploaded:
Files in the /etc directory Files that contain the following extensions: .class .js .pkg and .dmg with a file size of > 20MB Scripts (when Private Logging Level is enabled)
Document files including: Keynote PDF MS Office Open Office (determined by both magic and extension)
Files that do not contain a Magic Cookie (the first four bytes of a file that identifies the special file format)
By default only executable files will upload unless the config AllowedToUploadFileTypes=3 is added using this process The "Request Upload" feature is for uploading files from the endpoints for further analysis as mentioned here